Your code stays yours.

Where your code lives

• On your machines. The mstro-app CLI runs locally on every computer you connect — your laptop, a cloud VM, a Raspberry Pi. Claude Code executes there, edits files there, runs tests there.
• Never on Mstro infrastructure. The platform server in our cloud is a real-time WebSocket relay. Messages pass through; nothing is logged or persisted.
• Conversation history is local. Saved in .mstro/ on your machine. We do not have access.

Data flow

Browser  ──►  Platform Relay  ──►  mstro CLI  ──►  Claude Code
(mstro.app)   (WebSocket relay)    (your machine)    (your machine)
              ┌────────────┐
              │ NO STORAGE │
              │ NO LOGGING │
              └────────────┘

The relay routes WebSocket frames between the browser and the CLI. It authenticates the user (via Clerk JWT) and the device (via SHA-256 hashed token), then forwards traffic. It does not parse, persist, or train on payloads.

The Security Bouncer

Long-running AI tasks fail when they pause every few seconds for permission prompts. The Security Bouncer is a 2-layer tool-approval system that lets safe tool calls proceed automatically while still blocking risky ones.

• Layer 1 — pattern matching. A configurable allow/deny list runs first. Common safe operations (read files, list git status, run lint) are auto-approved instantly. Destructive operations (rm, git push --force) are blocked by default and require an explicit allow.
• Layer 2 — Haiku AI analysis. Tool calls that don’t match a pattern are sent to Claude Haiku for fast classification. Approved calls proceed; ambiguous calls fall back to a human prompt.
• Auditable. Every Bouncer decision is logged locally so you can review what an AI agent was allowed to do.

What we store on the server

• Account information. Email, hashed password (via Clerk), optional display name.
• Session tokens. Used to keep you signed in. Expire after 7 days.
• Device registrations. Device name, hostname, OS, CPU architecture. Device tokens are stored as one-way SHA-256 hashes.
• Connection metadata. Which orchestras (project + machine pairs) are connected and when they last pinged.
• Usage metrics. Token counts for billing.

We do not store: source code, file contents, terminal output, AI prompts, AI responses, or any other workspace content.

Third-party services we use

Anthropic processes your prompts via your own API key. See Anthropic’s Privacy Policy for how they handle data.

Encryption & transport

• HTTPS-only across mstro.app and app.mstro.app (HSTS preload).
• WebSocket connections to the relay use WSS.
• Passwords managed by Clerk (bcrypt + their own controls).
• Device tokens are SHA-256 hashed before storage.
• Database (Postgres) and ephemeral state (Redis) encrypted at rest.

AI training

Mstro does not train any model on your code, prompts, or responses. Anthropic’s API terms control what they may do with API requests routed through your own key — by default, API content is not used to train Anthropic models. Verify this in your Anthropic console settings.

GDPR & data deletion

You can delete your account at any time from your settings. Deletion removes account data, sessions, device registrations, and connection metadata from our servers. Local data on your machines is unaffected.

For a data export or formal access request under GDPR / CCPA, email bravo@mstro.app and we’ll respond within 30 days.

Security headers

Both mstro.app and app.mstro.app ship with:

• Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
• X-Frame-Options: DENY
• X-Content-Type-Options: nosniff
• Permissions-Policy: camera=(), microphone=(), geolocation=()
• Referrer-Policy: strict-origin-when-cross-origin

Reporting a vulnerability

Email bravo@mstro.app with details. We will acknowledge within 48 hours. We don’t yet run a paid bug-bounty, but every valid report gets credited (with permission) in the changelog.

See /.well-known/security.txt for machine-readable contact info.