Trust Center

Trust, built into the product — not bolted on.

Cuttlefish keeps a simple promise: your work stays where you put it, nothing reaches outside your computer unless you choose it, and you can see exactly what happened. This is where the promise is laid out plainly, with links to every detail.

Trust at a glance

Everything that backs the promise, in one place.

Six places to look when you want the specifics — current service health, how we handle your data, the legal terms, and the security details a reviewer needs.

System status

See the current health of Cuttlefish services and where to follow updates if something is being worked on. Check system status.

Privacy

What Cuttlefish keeps, what it never sends, and the choices you control — written for a person, not a lawyer. Read the privacy policy.

Terms of service

The agreement that covers using Cuttlefish, in clear sections you can actually read. Read the terms of service.

Data processing

For teams and companies: how data is handled on your behalf, and the addendum your procurement team will want. Review data processing.

Security model

The deeper security details a reviewer or IT team needs, including how to report something. Read the security model.

Data handling & residency

Your data stays where you put it.

Cuttlefish starts on your computer, not on a server. What lives on your machine stays on your machine, and you decide how close to keep everything else.

Local stays local by default

Your settings, saved conversations, connected folders, and built apps live on your computer. Out of the box, nothing syncs anywhere and nothing is sent to an outside AI provider. When you run a model on your own machine, the entire conversation begins and ends on that machine — there is nothing to send. The private way of working is the starting point, not a buried option.

On device vs. in the cloud

A cloud model only receives what you send it for that one conversation, when you choose to use it — there is no quiet background upload and no training on your work. Backup, which lets your settings follow you across devices, is off until you turn it on. You choose, task by task, what stays home and what goes out, and you can switch models mid-conversation.

Keep, delete, or export — your call

You can review everything Cuttlefish has been given to use, clear what one item learned, or remove it entirely — and removing a folder never touches the files themselves. Save a full backup to a file you keep, restore it on a new machine, or reset any part of the app cleanly. Every clear-and-reset action asks first and tells you plainly what it will do.

Encryption & credentials

Protected on the way out, protected at rest, and your keys never leave.

The parts of Cuttlefish that do reach the network are protected in transit and at rest — and the most sensitive thing you hold, your provider keys, stay on your own machine.

Encrypted in transit

When Cuttlefish does talk to a cloud model, a connected tool, or the hosted side of the product, that traffic travels over an encrypted, modern connection — the same kind your bank uses. A model you run on your own machine doesn't go over the network at all, so there's nothing in transit to protect in the first place.

Encrypted at rest

The hosted parts of Cuttlefish — what a team shares and what follows your sign-in — are stored encrypted on the server side. On your own computer, your data sits under your operating system's protections like any of your other files. Backups you save are yours to store wherever you keep them.

Your keys, in your keychain

When you add a provider key, Cuttlefish stores it in your computer's own secure keychain — the same protected place your operating system keeps your passwords. The key is never written into a log and never travels to Cuttlefish's servers. The models and generated apps you run never see the raw key. Remove it, and it's gone from your machine.

Isolation

Your account, your team, your data — kept separate.

One person's workspace is never blended with another's. The same holds when a whole company runs Cuttlefish: each organization's work is fenced off from every other, and people only reach what they've been given.

One workspace, yours alone

Your conversations, memory, settings, and built apps belong to your workspace and no one else's. Nothing you do leaks into another person's Cuttlefish, and you're never quietly sharing a space you didn't choose to share.

Companies stay fenced off

When organizations run Cuttlefish, each one's data, connected systems, and shared work are isolated from every other organization. Inside a team, people are invited to a specific piece of work with clear limits on who can see and do what — and admins can see what was done, by whom, and where results went.

Sessions you can end

Signed in on more than one device? You can see your active sessions and end any of them in a couple of clicks. And a single, clearly labeled control pulls back every allowed action at once when you want a clean slate — useful the moment something feels off.

Proof of every action

You never have to take Cuttlefish's word for it.

For anything Cuttlefish does — a sent message, an edited file, a tool it ran, a task that finished while you were away — you can open a plain record and read it in seconds.

It happens

A record is created automatically.

You don't enable it or maintain it — proof is simply part of how Cuttlefish works.

What it didWhat it usedWho approved it
It's confirmed

Genuine and unchanged since.

If anything had been altered after the fact, you'd know — and that check runs by itself.

Tamper-proofHonest trail
You read it

Plain by default, deep on request.

It reads in everyday language; the full technical detail waits behind an optional view.

What changedWhere it went
Everywhere

It reaches wherever Cuttlefish acts.

A conversation, your browser, a connected tool, your phone, or while you slept — same record.

One historyBeside each result
Sensitive details are summarized or masked before anything leaves your device — you see enough to trust the work and nothing that shouldn't be shown. The full security model is in the security model.
Honest by default

What we do — and do not — claim.

Trust starts with telling you the truth about what's real today. Here's the straight version.

What we claim, and stand behind

Local stays local; nothing reaches an outside provider unless you choose it; a model on your own machine keeps the whole exchange there. Your keys stay in your keychain. Consequential actions ask first. Every action leaves a tamper-proof record. These are how the product is built, not marketing — and the pages above let you verify each one.

What we don't claim

We don't claim a specific third-party compliance certification on this page, and we won't imply one we can't show you. If your review needs the current state of certifications, audits, or a specific regulatory posture, ask us directly and we'll tell you exactly where things stand — no overstatement.

For a formal review

Security and procurement teams can request the materials they need — security details, data-processing terms, and the subprocessor list — and walk through deployment options with us. Start with the security model, data processing, and subprocessors, then reach out for anything specific to your environment.

Talk to us

Bring your reviewers. We'll bring the details.

Request a security review and we'll line up the documents, walk your team through the controls, and answer the hard questions plainly.