HZSec is local-first by architecture, not by toggle. The scanner runs on your CPU, against files on your disk, and writes findings to your local store. There is no upload step.
The scanner reads your files directly from disk and analyzes them in-process. No copies of your files ever leave the host.
Findings land in a local store under your home directory. You can opt into syncing them to a workspace for team review — that's an explicit, separate action.
No metrics, no error pings, no usage reporting unless you opt in. We don't need it to ship a working scanner.
License signature checks happen offline. There is no per-scan check-in to a remote server.
These aren't promises we can break with a config flag — they're properties of how HZSec is built.
HZSec ships as one signed executable. It has no companion daemon, no background process, and no listener. When you're not running it, it isn't doing anything.
Every detector is plain code — no model weights, no remote rulebooks fetched at scan time. You can read, fork, and pin the rules you depend on.
The scan command makes zero outbound network calls unless you explicitly enable a feature that requires one (e.g., CVE lookups, which can be cached and run offline).
If you create an HZSec account, we store an email address, a license key, and a billing record. That's the full list. We don't have your code to lose.