Security & Privacy

Overview

Trust matters — so we engineered BranchPy to keep it minimal, explicit, and verifiable.

Most analysis runs locally on your machine. Cloud services are limited, explicit, and optional. We do not rely on invasive data collection, third-party tracking, or opaque processing.

Data Philosophy

We follow a minimal data model:

  • No project content is uploaded by default
  • No source code is stored on our servers
  • No hidden background processing

BranchPy operates primarily as a local analysis tool, not a cloud platform. You stay in control of your data.

What We Collect (and Why)

We only collect what is necessary to operate the service.

Account Data

  • Email address (for login and licensing)
  • Authentication credentials (securely stored)

License & Access

  • License tier and validity dates
  • Device authorization status

Optional Telemetry (if enabled)

  • Basic usage events (e.g., command execution)
  • Error diagnostics

Telemetry is opt-in / configurable, designed for product improvement only, and never used for advertising or resale.

What We Do NOT Collect

  • Your Ren’Py project files
  • Your scripts, assets, or dialogue
  • Personal content from your games
  • Any data unrelated to BranchPy usage

Authentication & Security

BranchPy uses a custom, minimal authentication system designed for transparency and control.

Password Security

  • Passwords are securely hashed (never stored in plain text)
  • Industry-standard hashing algorithms are used

Two-Factor Authentication (2FA)

  • Based on TOTP (Time-Based One-Time Password)
  • Compatible with standard apps (Google Authenticator, Authy, etc.)
  • Secrets are stored securely and never exposed after setup

Device Authorization

  • New devices require approval before access
  • Sessions are bound to authorized devices
  • This prevents unauthorized account reuse

Why a Custom Auth System?

We intentionally built a lightweight, in-house system to:

  • Avoid unnecessary third-party data sharing
  • Reduce external dependencies
  • Keep the architecture simple and auditable

This system follows standard security patterns (TOTP, hashing, session control) without adding unnecessary complexity.

Data Storage & Access

  • Sensitive data is stored securely and access-restricted
  • Authentication flows are isolated from product logic
  • No sensitive data is exposed to the client beyond what is required

We do not sell, share, or monetize user data.

External Services

BranchPy minimizes reliance on external providers. When used, they are limited to infrastructure (hosting, delivery) and do not have access to your project data.

Optional AI features (if enabled) are explicitly triggered by the user and follow a bring-your-own-AI model when applicable.

Transparency & Ongoing Improvements

Security is an ongoing process. We continuously review authentication flows, improve safeguards, and refine data minimization. Some components of our security architecture may be published or documented to improve transparency over time.

Your Responsibility

While we provide safeguards, you are responsible for:

  • Keeping your credentials secure
  • Enabling 2FA for additional protection
  • Managing access to your devices

Questions

If you have technical or security-related questions, reach out via our community. We prefer clear, direct conversations over vague assurances.

Summary

BranchPy is built to analyze locally, collect minimally, and operate transparently. Trust matters — and we designed the system to keep it minimal, explicit, and verifiable.