Security and Privacy

Auditaur is local-only and development-first by default.

Auditaur does not collect source code, environment variables, arbitrary filesystem contents, or screenshots by default. Telemetry is written to a local SQLite database under the developer’s local data directory.

Default redaction is key-based and recursive for JSON payloads. Common sensitive keys such as password, token, secret, and api_key are replaced with [REDACTED] before persistence. auditaur bundle also redacts share-sensitive JSON fields before writing a bug-report bundle.

Redaction reduces accidental capture, but applications should still avoid sending secrets to telemetry payloads. Keep Auditaur development-only unless you have explicitly reviewed what your app emits and set allow_release_builds(true).