Security & privacy

Privacy is the architecture, not a setting.

EvolIDE is engineered so secrets, context-ranking IP, and audit data live where they belong — on the server, not on every laptop.

Architecture

Your keys never touch
the client.

Provider keys are custodied on the EvolIDE gateway, encrypted at rest. The desktop holds a token only. Context-ranking IP never ships in the client bundle.

  • Client never calls providersEvery LLM call is mediated by the gateway Brain
  • Token-only sessionProfile, prefs, and active model fetched from gateway
  • Brain-mediated contextRanking and routing run server-side, then proxied to LLMs
  • Usage ledgerEvery cloud call metered and auditable
  • Enterprise on-premPrivate gateway + Brain for air-gapped teams

FAQ

Common security questions

Where are provider API keys stored?

On the EvolIDE gateway, encrypted at rest. The desktop client never holds a provider key.

Does my source code leave my machine?

Local indexing stays local. Context ranking is the only step that requires the gateway, and you can run it on-prem.

Can I run an air-gapped deployment?

Yes — Evol Group provides an enterprise on-prem gateway and private context worker package.

What is logged?

Per-call usage metering, audit events, and operator actions. Raw prompts and secrets are redacted before logging.

Private beta · invite only

Ship faster with EvolIDE

We’re onboarding a small set of pilot teams before public launch. Tell us about your stack and we’ll get back to you.

Request early access

Be first to try EvolIDE — AI Delivery IDE for serious software teams.

No credit card. Audit-ready governance from day one.