Privacy
Privacy.
Nipmod is built for package decisions. It should receive package, source and decision context, not private workspace content or secrets.
- Secrets
- never paste
- Usage
- privacy-limited
- Keys
- hashed server-side
Data we need
Package intelligence
Package names, sources, versions, trust signals, risk levels and decision metadata needed to answer package-safety requests.
API access
API key identifiers, access tier, rate-limit state and coarse usage data needed to operate the service.
Account flows
Email login and account-scoped API keys for users who create an account.
Feedback
Optional feedback choices and hashed identifiers when a user submits feedback.
Data not to send
Secrets
Do not send API keys, wallet phrases, private repo content, customer data, private prompts or credentials.
Workspace files
Hosted read-only API and MCP do not need local file contents. Local scans stay local unless the user explicitly submits a receipt.
Raw private context
Agents should summarize the package decision need instead of forwarding sensitive project material.
Hosted MCP boundary
Read-only
The hosted MCP endpoint searches, resolves, inspects and creates decision/install-plan responses.
No workspace writes
Hosted MCP does not install packages, run package managers, edit files, clone repositories or execute code.
Local approval
Any install or runtime action remains under the user's local Codex, Claude Code or CLI approval flow.
Contact
Privacy contact