security

Your data never leaves your control

Screenpipe is local-first. Screen, audio, and activity are captured, processed, and stored on your own devices. Open source, so your team can verify every line.

Local-first by default

Capture stays on the device: SQLite and media files under ~/.screenpipe. Nothing leaves unless you turn on sync.

You own the data

No Screenpipe servers in the core path. Local-first means data control, and liability, sits with you, not us.

Encrypted at rest

Sensitive data is encrypted with a zero-knowledge key hierarchy. The keys are yours.

You choose what is captured

Filter by app and by URL, strip passwords and PII. Per person, opt-in, never silent.

Open source

MIT licensed, 18,000+ GitHub stars. Audit every line of capture, encryption, and access control.

Deploy your way

Local-only for sensitive workflows, or a managed MDM rollout with locked admin policies.

compliance

SOC 2 Type II

Trust materials available during enterprise procurement. Verify scope and dates against the current trust packet.

GDPR · HIPAA · CCPA

Local-first supports data minimization, retention, deletion, and residency. Final posture depends on your configuration. Screenpipe does not sell screen content.

Open source audit

MIT licensed, full source available for independent security review.

Need the full technical detail?

Architecture, cryptography, data flows, and source links for security review.

Read the security architecture

Security contact: louis@screenpi.pe