Security
Local-first, private, and enterprise-ready
Nimbalyst is local-first. Your code, sessions, and data live on your machine, not our servers. Nimbalyst is SOC 2 Type 2 certified and offers fine-grained permission controls, bring-your-own API keys, and full audit trails.
Capabilities
Security you can verify
Local-first architecture
All files, sessions, and metadata live on your local filesystem. No cloud database, no proprietary storage format, no lock-in.
SOC 2 Type 2 certified
Nimbalyst has completed SOC 2 Type 2 certification. Enterprise-grade security controls, audited processes, and documented compliance.
Fine-grained agent permissions
Control what agents can do per project. Set trust levels, permission modes (normal, cautious, full-auto), allowed tools, and filesystem access boundaries.
Bring your own API keys
Your API keys go directly to the provider. No intermediary proxy, no data routing through third parties, and no markup on API costs.
Audit trail
Every agent action is logged in session transcripts. See exactly what files were read, what was written, and what commands were run.
End-to-end encryption for sync
If you choose to sync sessions across devices, all data is end-to-end encrypted. We cannot read your content.
How It Works
How security works in Nimbalyst
Configure permissions per project
Set agent trust levels and permission modes for each project. Define which tools agents can use and which filesystem paths they can access.
Work locally with your own keys
Your code and documents stay on your machine. API calls go directly to your chosen provider using your own keys.
Review everything agents do
Session transcripts log every file read, write, and command. Review agent actions at any time. Opt in to cloud sync with end-to-end encryption only if you choose.
Comparison
Why security-conscious teams choose Nimbalyst
Unlike cloud-first AI tools, Nimbalyst keeps your intellectual property on your machine and gives you full control over what agents can access.
| Alternative | Nimbalyst Advantage |
|---|---|
| Cloud-based AI editors | Code never leaves your machine. No cloud uploads, no shared servers. Local-first means your IP stays private by default. |
| AI coding assistants with opaque data handling | Transparent architecture with session transcripts, bring-your-own keys, and no intermediary data routing. You know exactly what happens with your code. |
| Self-hosted open-source tools | Enterprise-grade security with SOC 2 certification and professional support, without the overhead of maintaining your own infrastructure. |