Trust Center: exactly what OpenThunder does with your code
OpenThunder is built so you don't have to take our word for it. This page describes, precisely, what OpenThunder reads, what stays on your machine, and what leaves only when you choose. We avoid absolute claims like "nothing ever leaves your machine," because OpenThunder can optionally use cloud features and external AI providers. Instead, we show you the exact behavior of the mode you pick.
The promise
Understand your repository and verify AI-generated changes without surrendering control of your code. You choose whether analysis runs on your machine, through your own AI provider, or in OpenThunder Cloud, and you can see what happens either way.
Three ways OpenThunder runs
| Local (default) | Your AI Provider (BYOK) | OpenThunder Cloud | |
|---|---|---|---|
| Account required | No | No | Yes |
| Repository analysis | On your machine | On your machine | In OpenThunder Cloud |
| Source code uploaded | No | No (context sent to your provider only) | Only for the features you enable |
| External AI calls | None | To the provider you configure, with your key | To an OpenThunder-managed or your provider |
| Best for | Trying it, private repos, offline | Using your own Claude/OpenAI/etc. | Team history, PR checks, collaboration |
The desktop app, CLI, and VS Code extension all default to local: the analysis lenses (architecture, security, health) run on your machine and require no account and no AI key.
What stays local, and what can leave
Verified by our own code audit:
- No telemetry, analytics, or usage tracking is bundled in the desktop app, CLI, VS Code extension, or MCP server. Usage counters are written only to a local database on your machine, never transmitted.
- License checks are fully offline (local cryptographic verification). OpenThunder does not phone home to validate a license.
- The MCP server makes no network calls (it runs local
gitonly). - The desktop app checks
openthunder.devfor software updates (an update feed only, no data about you or your code is sent). - Our public websites (openthunder.dev, openthunder.ai) use privacy-configured Google Analytics for anonymous page views and download counts, IP anonymized, no ad tracking, no Google Signals. This never runs inside the app, CLI, or extension. See the Privacy Policy.
Repository content leaves your machine only when you run an AI action with a configured provider. At that point, the prompts and code context OpenThunder sends go to that provider (for example Anthropic) under its terms, using your own API key. The local lenses and scans do not require this.
Secret protection
Before OpenThunder sends any code to an AI provider, it:
- Withholds secret files entirely,
.env,secrets.*,*.pem,*.key,id_rsa,.npmrc,credentials.*, and similar, so their contents are never sent. - Redacts secret-shaped values (API keys, tokens, PEM blocks,
KEY=valueassignments) from any file, search result, or command output it does read.
This substantially reduces the risk of leaking a credential, but we do not claim it is perfect (for example, a password embedded inside a connection-string URL may not be caught). For highly sensitive repositories, prefer local-only analysis, or review what you send.
What OpenThunder does not do
- It does not modify your code without an explicit action.
- It does not require an account for local analysis.
- It does not require an AI key for the core local lenses and scans.
- It does not upload your source in local mode.
- It does not sell your data or use your source code to train models.
- It does not force-push or auto-merge to your branches.
No account to try it
Download the desktop app and analyze a repository with only a one-time terms acceptance, no sign-up, no email, no card. An account is required only for cloud features (hosted history, team collaboration, billing).
Reporting a security issue
Found a vulnerability or a privacy concern? Email support@skillstechtalk.com with the details and we will respond. Please do not open a public issue for security-sensitive reports.