// SECURITY //

Local by design.

Helmsman runs on your Mac and drives your own Claude Code. Your code, your prompts, and your terminal output stay on your machine. There is no Helmsman server in the loop while you work.

Local-only architecture

Helmsman spawns and drives your own local claude binary (the Claude Code CLI) as a child process. It does not bundle a model, and it does not proxy one.
Each terminal is a real local PTY owned on your Mac (via node-pty). The renderer only draws bytes and sends the keystrokes you type.
No cloud relay. Your code, prompts, and terminal output never pass through a Helmsman server. There is no Helmsman backend involved while you work.
No GitHub or OAuth scopes requested. Helmsman asks for no third-party account access.
It runs entirely on your machine. The only network calls are the ones your own claude sessions make, exactly as they would in your terminal.

What the waitlist stores

Helmsman is pre-launch. Today the only data we collect is what you hand us through the waitlist form on this site. Here is all of it.

Collected: Your email address (lowercased) and a timestamp.
Store: Upstash for Redis, a Redis SET named helmsman:waitlist, connected to this site's Vercel project.
Rate-limit keys: Short-lived per-IP counters (keys prefixed helmsman:rl:) to throttle abuse. They expire automatically.
Bot defenses: A hidden honeypot field and a timing trap. Neither stores anything extra.
Purpose: A single email the day Helmsman ships. No selling, no sharing, no other mail.

For the full data story, see the privacy page.

Reporting an issue

Found a security problem? Email hello@helmsman.sh and we will respond.