security

Your data never leaves your control

Screenpipe is local-first. Screen, audio, and activity are captured, processed, and stored on your own devices. Open source, so your team can verify every line.

Local-first by default

Capture stays on the device: SQLite and media files under ~/.screenpipe. Nothing leaves unless you turn on sync.

You own the data

No Screenpipe servers in the core path. Local-first means data control, and liability, sits with you, not us.

Encrypted at rest

Sensitive data is encrypted with a zero-knowledge key hierarchy. The keys are yours.

You choose what is captured

Filter by app and by URL, strip passwords and PII. Per person, opt-in, never silent.

Open source

Source-available, 18,000+ GitHub stars. Audit every line of capture, encryption, and access control.

Deploy your way

Local-only for sensitive workflows, or a managed MDM rollout with locked admin policies.

compliance

SOC 2 Type II

Trust materials available during enterprise procurement. Verify scope and dates against the current trust packet.

GDPR · HIPAA · CCPA

Local-first supports data minimization, retention, deletion, and residency. Final posture depends on your configuration. Screenpipe does not sell screen content.

Open source audit

Source-available, full source for independent security review.

Need the full technical detail?

Architecture, cryptography, data flows, and source links for security review.

Healthcare / HIPAA Read the security architecture

Security contact: louis@screenpi.pe