eri

Security

Your code stays on your machine.

eri is a desktop app. The model calls go from your machine straight to the provider (the eri Engine, Anthropic, OpenAI, or your local Llama). Our servers handle billing and account state — nothing else.

How requests flow

your machine ─────────────► eri Engine (diffusion)
              │
              ├──────────► Anthropic (Claude polish)
              │
              ├──────────► OpenAI / Gemini (if configured)
              │
              └──────────► eri-cloud (auth + billing only)
                              ↑
                              │ never receives:
                              │ - prompts
                              │ - code
                              │ - voice
                              │ - gaze

On the Free plan you bring your own keys, so eri-cloud is contacted only for sign-in and account state. On Starter/Pro the model calls are billed through us, so we have to count them: we authorize (sign) each billing-bound call without seeing its body, and the request body still travels directly between your machine and the provider.

Auth + encryption

  • Passwords are hashed with bcrypt at cost factor 12. We never store plaintext.
  • Session tokens are HS256-signed JWTs with a 7-day expiry; a fresh token is issued on every sign-in.
  • All traffic encrypted in transit via TLS 1.3. HSTS preloaded on eri.dev.
  • BYOK API keys stored in your OS keychain (macOS Keychain, Windows Credential Manager, GNOME Keyring).
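What the verifying side of an HS256 session token has to get right is not stated above, so here is an added illustration. This is example code, not eri's implementation; the secret, the subject claim and the timestamps are constructed for the example. It pins the algorithm to HS256 before touching the signature (so a token whose header claims "none" or another algorithm is rejected outright), compares the MAC in constant time, and enforces the 7-day expiry from the page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for this example only; not eri's real secret or claims.
SESSION_SECRET = b"example-hs256-secret-not-a-real-one"
SESSION_TTL = 7 * 24 * 3600  # seven-day expiry, as stated on the page


def _b64url_encode(raw: bytes) -> str:
    # JWT uses unpadded base64url.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def issue_session(sub: str, secret: bytes = SESSION_SECRET, now: Optional[int] = None) -> str:
    """Mint an HS256 session token with iat/exp, as a sign-in handler would."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "iat": now, "exp": now + SESSION_TTL}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_session(token: str, secret: bytes = SESSION_SECRET, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    # The verifier decides the algorithm; the token header only has to agree with it.
    # Never let the header select "none" or a different algorithm.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be refined byte by byte.
    if not hmac.compare_digest(sig, expected):
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_session("user@example.com", now=t0)
    print(verify_session(tok, now=t0 + 60))            # claims dict
    print(verify_session(tok, now=t0 + SESSION_TTL))   # None: expired
```

The important design point is that the server's configuration, not the token, chooses the algorithm; with a symmetric scheme like HS256 any service that can verify tokens also holds the signing secret, so that secret should live only on eri-cloud and never in the desktop app.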

What we collect

  • Email address (for sign-in and billing receipts)
  • Bcrypt-hashed password (cost factor 12 — we can never recover the original)
  • Subscription state from Stripe (tier, status, renewal date)
  • Usage counters (number of iterations, deploys — no content)
  • Sentry crash reports (opt-out in settings)

What we don't collect

  • Your prompts or what you said out loud
  • Your code — written, generated, or otherwise
  • Your voice recordings (TTS is one-shot, never stored)
  • Your gaze data (it never leaves your machine)
  • Your API keys (BYOK keys are stored encrypted in your OS keychain)

Vendors

These are the third parties eri-cloud talks to. Each one has a DPA on file.

Compliance

We're a startup, so let's be honest about where we are.

SOC 2 Type II
In progress. Target: Q3 2026. We're working with Vanta on the audit window.
GDPR
Data export and deletion endpoints live now. Email privacy@eri.dev or use the dashboard.
HIPAA
Not supported. Don't put PHI through eri until we tell you otherwise.
Data residency
Account data stored in Supabase EU (Frankfurt). Model providers handle their own regions.

Report a vulnerability

Found something? Email security@eri.dev with a description and reproduction steps. We respond within 48 hours, fix critical issues within 7 days, and publicly credit researchers who want it.