Privacy Policy

Last updated: January 2026

Overview

OpenSploit is designed with privacy as a core principle. This policy explains how we handle data when you use OpenSploit.

Local-First Architecture

OpenSploit runs entirely on your local machine. Your targets, scan results, session data, and findings are stored locally and never transmitted to our servers.

  • All security tool execution happens locally via Docker
  • Session history is stored in ~/.opensploit/
  • No telemetry or usage tracking is collected
  • No analytics scripts on this website

LLM Provider Communication

When you use OpenSploit with an LLM provider (Anthropic, OpenAI, etc.), your prompts and tool outputs are sent to that provider. This communication is:

  • Direct between your machine and the provider
  • Subject to the provider's privacy policy
  • Not routed through or stored by OpenSploit

We recommend reviewing your chosen provider's data handling policies, especially regarding security-sensitive information.

Tool Registry

OpenSploit fetches a tool registry from opensploit.ai to discover available security tools. This request:

  • Contains no personally identifiable information
  • Does not include scan targets or results
  • Is cached locally to minimize requests

Website Data

This website (opensploit.ai) does not use cookies, analytics, or tracking scripts. We do not collect any personal information through the website.

Security Disclosures

If you discover a security vulnerability in OpenSploit, please report it to security@opensploit.ai. We do not share reporter information without consent.

Changes to This Policy

We may update this policy as OpenSploit evolves. Significant changes will be announced in release notes.

Contact

For privacy-related questions, contact us at privacy@opensploit.ai.

© 2026 Silicon Works