Security
Security at ShellPilot
Your security is our top priority. Learn how we protect your data.
End-to-End Encryption
All data transmitted between your device and our servers is encrypted using TLS 1.3.
Local Processing
By default, commands are processed locally on your machine. Cloud features are opt-in.
Secure Authentication
We use industry-standard OAuth 2.0 and support two-factor authentication.
No Command Storage
We do not store your command history on our servers unless you explicitly enable sync.
SOC 2 Type II
Our infrastructure and processes are SOC 2 Type II certified.
Safety Warnings
Potentially dangerous commands are flagged with warnings before execution.
Security Practices
Infrastructure Security
Our infrastructure is hosted on AWS with industry-leading security practices. We use isolated VPCs, encrypted storage, and regular security audits to ensure your data is protected.
Code Security
All code changes undergo security review before deployment. We use automated security scanning tools and regular penetration testing to identify and address vulnerabilities.
Access Control
We follow the principle of least privilege. Employee access to production systems is strictly controlled, logged, and regularly audited.
Responsible Disclosure
We welcome security researchers to help us improve the security of ShellPilot. If you discover a vulnerability, please report it responsibly to security@shellpilot.pro.
We commit to:
- Acknowledging receipt within 24 hours
- Providing regular updates on our investigation
- Not pursuing legal action against good-faith researchers
- Crediting researchers who help us improve security
Compliance
ShellPilot is committed to meeting the highest standards of security and privacy compliance:
- SOC 2 Type II certified
- GDPR compliant
- CCPA compliant
- Regular third-party security audits