Your source stays where it already lives.
This page describes the privacy posture for the public website, Community local scanner, and controlled-access Console surface. Hosted Pro and Enterprise services will publish production data-processing details before broader customer access opens.
Community scanner
`@seamshield/cli` runs locally. Community scans do not upload source code or findings. Reports, fix plans, investigations, guard logs, and config are written to the repo unless a command documents otherwise.
- Offline mode is supported for the primary ship/access/privacy/doctor flows.
- Online dependency checks, when enabled, use package names and versions, not source files.
- Secret evidence is redacted before output.
Website
The static marketing site is intended to be informational. It should not collect source code, credentials, payment data, or private repository content.
Hosted platform
Hosted Console access is restricted to approved operators and early controlled-access accounts. The Console uses metadata-only product, account, and audit evidence unless a customer explicitly enables a hosted Pro or Enterprise service. Pro and Enterprise platform services will publish their data flows, retention, subprocessors, and customer controls before broader production access opens.
Retention
Local CLI artifacts remain in your repo or on your machine until you remove them. Hosted platform retention policies will be documented before broader customer access opens.
Choices
- Run `seamshield privacy .` to inspect local scanner behavior.
- Use `--offline` for source-private local checks where supported.
- Delete `.seamshield/` artifacts when you no longer need local investigation history.