Trust Center: exactly what OpenThunder does with your code

OpenThunder is built so you don't have to take our word for it. This page describes, precisely, what OpenThunder reads, what stays on your machine, and what leaves only when you choose. We avoid absolute claims like "nothing ever leaves your machine," because OpenThunder can optionally use cloud features and external AI providers. Instead, we show you the exact behavior of the mode you pick.

The promise

Understand your repository and verify AI-generated changes without surrendering control of your code. You choose whether analysis runs on your machine, through your own AI provider, or in OpenThunder Cloud, and you can see what happens either way.

Three ways OpenThunder runs

Local (default)Your AI Provider (BYOK)OpenThunder Cloud
Account requiredNoNoYes
Repository analysisOn your machineOn your machineIn OpenThunder Cloud
Source code uploadedNoNo (context sent to your provider only)Only for the features you enable
External AI callsNoneTo the provider you configure, with your keyTo an OpenThunder-managed or your provider
Best forTrying it, private repos, offlineUsing your own Claude/OpenAI/etc.Team history, PR checks, collaboration

The desktop app, CLI, and VS Code extension all default to local: the analysis lenses (architecture, security, health) run on your machine and require no account and no AI key.

What stays local, and what can leave

Verified by our own code audit:

Repository content leaves your machine only when you run an AI action with a configured provider. At that point, the prompts and code context OpenThunder sends go to that provider (for example Anthropic) under its terms, using your own API key. The local lenses and scans do not require this.

Secret protection

Before OpenThunder sends any code to an AI provider, it:

This substantially reduces the risk of leaking a credential, but we do not claim it is perfect (for example, a password embedded inside a connection-string URL may not be caught). For highly sensitive repositories, prefer local-only analysis, or review what you send.

What OpenThunder does not do

No account to try it

Download the desktop app and analyze a repository with only a one-time terms acceptance, no sign-up, no email, no card. An account is required only for cloud features (hosted history, team collaboration, billing).

Reporting a security issue

Found a vulnerability or a privacy concern? Email support@skillstechtalk.com with the details and we will respond. Please do not open a public issue for security-sensitive reports.