Privacy
Firmis is offline-first. By default, nothing leaves your machine. Ever.
Last Updated: 2026-02-07
Key principles
- The scanner works fully offline by default
- All cloud features are opt-in
- No personally identifiable information is collected
- You control what data is shared
Data collection summary
| Data Type | Collected | Opt-in | Sent to Cloud |
|---|---|---|---|
| File paths | No | — | Never |
| Code snippets | No | — | Never |
| Environment variables | No | — | Never |
| IP address | No | — | Never |
| Threat pattern hashes | Yes | Telemetry | Anonymized |
| Platform statistics | Yes | Telemetry | Aggregated |
| Behavioral features | Yes | Cloud scan | Numeric only |
Offline mode (default)
When you run firmis scan without the --cloud flag:
What happens locally:
- Scans your AI agent components
- Matches against 209 bundled YAML rules
- Generates reports (JSON, SARIF, HTML, terminal)
What is NOT collected or sent:
- Absolutely nothing leaves your machine
- No network requests are made
- No telemetry is collected
- No usage tracking occurs
Cloud mode (opt-in)
When you run firmis scan --cloud, we send threat pattern hashes to enhance your results:

```json
{
  "signatureHash": "sha256:abc123...",
  "category": "credential-harvesting",
  "severity": "high",
  "patternType": "file-access",
  "platform": "claude",
  "localConfidence": 85
}
```

What we DO NOT send: file paths, file names, code snippets, directory structure, environment variables, or user/machine identifiers.
For behavioral analysis, we send numeric feature vectors only — counts and booleans, never actual code, function names, variable names, or string literals.
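A local check of the two cloud-mode contracts above, written for this page and not part of the Firmis scanner: it flags any outgoing payload that carries fields beyond the six documented ones and any behavioral feature vector that carries something other than a count or boolean. It assumes signatureHash is "sha256:" followed by a full 64-digit hex digest (the page shows the value truncated), and the sample payloads are constructed, not captured traffic.

```python
import re

# The six fields the cloud-mode payload documents, with the type each should carry.
ALLOWED_FIELDS = {
    "signatureHash": str,
    "category": str,
    "severity": str,
    "patternType": str,
    "platform": str,
    "localConfidence": int,
}
# Assumed format: 'sha256:' plus a full 64-hex-digit digest (page shows it truncated).
HASH_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def payload_violations(payload: dict) -> list[str]:
    """Return every way the payload breaks the documented shape; empty list means OK."""
    problems = []
    extra = set(payload) - set(ALLOWED_FIELDS)
    if extra:  # e.g. a file path or snippet that should never leave the machine
        problems.append(f"undocumented fields present: {sorted(extra)}")
    for name, expected in ALLOWED_FIELDS.items():
        if name not in payload:
            problems.append(f"missing field: {name}")
        elif type(payload[name]) is not expected:  # 'is' so bool is not accepted as int
            problems.append(f"{name} should be {expected.__name__}")
    digest = payload.get("signatureHash")
    if isinstance(digest, str) and not HASH_RE.match(digest):
        problems.append("signatureHash is not a sha256 digest")
    conf = payload.get("localConfidence")
    if type(conf) is int and not 0 <= conf <= 100:
        problems.append("localConfidence outside 0-100")
    return problems


def feature_vector_violations(features: dict) -> list[str]:
    """Behavioral features must be counts or booleans only; report any other value."""
    return [f"{k} carries a {type(v).__name__}, not a count or boolean"
            for k, v in features.items() if type(v) not in (int, bool)]


# Constructed sample payloads (not captured traffic).
OK_PAYLOAD = {
    "signatureHash": "sha256:" + "ab" * 32,
    "category": "credential-harvesting",
    "severity": "high",
    "patternType": "file-access",
    "platform": "claude",
    "localConfidence": 85,
}
# Same payload after a path and a code line crept in, with confidence sent as a bool.
LEAKY_PAYLOAD = dict(OK_PAYLOAD, filePath="/home/dev/.env", snippet="secret = 1",
                     localConfidence=True)
```

Running payload_violations on LEAKY_PAYLOAD reports both the undocumented fields and the mistyped confidence, which is the kind of check worth putting in front of any network egress from the scanner.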
Telemetry (opt-in)
Enable with firmis scan --cloud --contribute. Telemetry helps identify new threats through collective intelligence and reduce false positives. What we collect:
- A random event ID (not tied to your identity)
- Scanner version
- Aggregate platform component counts
- Threat signature hashes (never code)
- A rotating weekly installation ID (SHA256 hash, not personally identifiable)
Data retention: Raw telemetry is kept 7 days; aggregated statistics up to 2 years. No PII is retained.
Your choices
```sh
# Fully offline (default)
firmis scan

# Cloud enrichment, no telemetry
firmis scan --cloud

# Contribute to collective defense
firmis scan --cloud --contribute
```

To request deletion of telemetry data, email privacy@firmislabs.com with your installation ID.
Firmis is GDPR compliant (EU) and CCPA compliant (California). No personal data is collected in the default offline mode. Cloud features process only anonymous, non-reversible hashes and numeric metrics.
What we don’t do
- We never upload your code, file paths, or directory structure
- We never sell data to third parties
- We never profile individual developers or organizations
- We never run your code — all analysis is static, operating on raw file content
Third-party services
| Service | Purpose | Data processed |
|---|---|---|
| Cloudflare | API gateway | Request routing (no logging) |
| Supabase | Database | Threat signatures, aggregates |
| ClickHouse Cloud | Analytics | Telemetry aggregates only |
No third party receives your code, file paths, or personally identifiable information.
Contact
For privacy questions or concerns:
- Email: privacy@firmislabs.com
- GitHub: github.com/riteshkew/firmis-scanner/issues