What leaves your computer.
Open tier (CLI, plugin, MCP, desktop)
Nothing. The Open tier does not make any network calls
on your behalf. If you point it at Ollama, it talks to localhost.
If you BYOK to a hosted provider, your machine talks to that provider
directly — Basalt never proxies that traffic.
BYOK
API keys are stored in your OS keychain (macOS Keychain, Windows Credential Manager, libsecret on Linux). They are never written to disk in plain text, never sent to our servers, never logged.
Pro tier (web cockpit)
Pro processes embeddings and brief generation on Cloudflare Workers. In-memory only — no Brief content is persisted server-side beyond the single request cycle. The index database itself stays on your machine unless you opt into Vault Sync.
Vault Sync (opt-in, Pro only)
Sync is end-to-end encrypted with a key derived from your passphrase via
Argon2id. We can serve you ciphertext blobs back; we cannot read them.
Losing the passphrase loses the synced index — local indexes are
reconstructible by re-running basalt init.
Verifiability
- Every brief writes a hash-chained audit entry to ~/.basalt/audit.log.
- Index manifests use BLAKE3; you can verify the index hasn't been tampered with.
- Pro briefs additionally include an OpenTimestamps anchor on request.
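How a hash-chained log makes edits detectable, and why a separately stored head hash (for instance one that has been timestamped) matters, shown as an added example that is not Basalt's own code. The JSON-lines layout, the field names prev/payload/hash and the use of SHA-256 are assumptions; this page does not specify the real audit.log format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "prev" value for the first entry

def entry_hash(prev: str, payload: dict) -> str:
    # Hash covers the previous entry's hash plus a canonical encoding of the payload.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(log: list, payload: dict) -> None:
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)})

def verify(lines, expected_head=None):
    """Return (ok, reason). expected_head is a head hash saved out of band."""
    prev = GENESIS
    for n, line in enumerate(lines, 1):
        try:
            e = json.loads(line)
            prev_field, payload, stored = e["prev"], e["payload"], e["hash"]
        except (ValueError, KeyError, TypeError):
            return False, f"line {n}: malformed entry"
        if prev_field != prev:
            return False, f"line {n}: broken link (entry removed, inserted or reordered)"
        if entry_hash(prev, payload) != stored:
            return False, f"line {n}: payload does not match its hash"
        prev = stored
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch (entries truncated or appended since anchoring)"
    return True, "ok"

def build_sample():
    # Constructed sample entries, not real Basalt output.
    log = []
    for i, digest in enumerate(["aa11", "bb22", "cc33"]):
        append(log, {"seq": i, "event": "brief", "brief_digest": digest})
    return [json.dumps(e) for e in log]

if __name__ == "__main__":
    lines = build_sample()
    head = json.loads(lines[-1])["hash"]
    print(verify(lines, head))
    print(verify(lines[:-1]))        # truncation passes without an anchor
    print(verify(lines[:-1], head))  # and fails with one
```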
Threat model
- Protects against: casual server compromise, supply-chain swaps of brief content, vendor disappearance (Open tier keeps working).
- Does not protect against: a compromised local machine, a key-logger on your keyboard, the LLM provider you BYOK to.
Full technical detail lives in the docs: threat model.