Halden

Trust and local files

How Halden handles your files

Halden is a desktop app with a web account service. The important boundary is simple: normal project scanning and fixing happen on your device, while account, license, update, checkout, and optional GitHub checks use separate service calls.

Stays on your device

These are processed locally during normal scanning and fixing. They do not need to be sent to Halden's web service for the desktop app to find issues or apply supported local fixes.

  • Your source code
  • .env values and local secret files
  • Detected API key values
  • Scan results and local scan cache
  • Fixes Halden applies to project files

What can leave your device

Halden separates local project work from service features. These calls are for access, updates, billing, or checks you explicitly run.

Account and license checks

Halden uses your signed-in account to confirm Starter or Lifetime access. It does not need your source code or env values to do that.

App and pattern updates

Halden may check for app updates and signed detection-pattern updates so the desktop app can stay current.

GitHub Secret Scanning

When you run this optional check, Halden sends the GitHub owner and repo through the web service so the GitHub App can ask GitHub for alert status.

Checkout and account dashboard

Stripe and Supabase handle payment, sign-in, license records, and account dashboard data.

Safer local fixes

Halden treats file edits as sensitive.

A tool that edits your project files has to be careful. Halden validates paths, avoids unsupported source rewrites, and uses a safer write path for production fixes.

  1. Halden only works on project folders you choose.
  2. File operations are checked against the registered project path before they run.
  3. Fixes are prepared before writing, so unsupported source changes fail instead of guessing.
  4. Project-file writes use a safer write path with temporary files and rollback support for multi-file fixes.
  5. When a local edit is not enough, Halden keeps manual follow-up visible instead of hiding it behind a green status.
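The path check, prepare-before-write step, temp-file write, and multi-file rollback described in the steps above can be illustrated in a small Python sketch. This is an added example, not Halden's own code; the function names (resolve_inside_project, atomic_write, apply_multi_file_fix), the PathOutsideProjectError type, and the sample project files it creates in a throwaway directory are all assumptions made for the demonstration.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class PathOutsideProjectError(ValueError):
    """Raised when a requested write would land outside the registered project root."""


def resolve_inside_project(project_root: str, relative_path: str) -> Path:
    """Resolve relative_path against the registered project root and refuse anything
    that escapes it: '..' segments, absolute paths, or symlinks that point outside."""
    root = Path(project_root).resolve()
    # Path joining discards `root` if relative_path is absolute, and resolve()
    # follows symlinks, so both escape routes end up outside `root` and are rejected.
    candidate = (root / relative_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathOutsideProjectError(f"{relative_path!r} resolves outside {root}")
    return candidate


def atomic_write(target: Path, content: str) -> None:
    """Write to a temp file in the same directory, fsync, then rename over the target,
    so a reader never sees a half-written file and a crash leaves the old file intact."""
    fd, tmp_name = tempfile.mkstemp(dir=target.parent, prefix=f".{target.name}.", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(content)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp_name, target)  # atomic on POSIX and Windows
    except BaseException:
        try:
            os.unlink(tmp_name)  # do not leave a stray temp file behind
        except FileNotFoundError:
            pass
        raise


def apply_multi_file_fix(project_root: str, edits: dict[str, str]) -> list[str]:
    """Apply several edits as one unit: validate every path and snapshot every
    original before the first write; if any write fails, restore what was written."""
    root = Path(project_root).resolve()
    plan: list[tuple[Path, str]] = []
    originals: dict[Path, str | None] = {}
    for rel, new_content in edits.items():  # phase 1: prepare, touch nothing
        target = resolve_inside_project(project_root, rel)
        plan.append((target, new_content))
        originals[target] = target.read_text(encoding="utf-8") if target.exists() else None
    written: list[Path] = []
    try:
        for target, new_content in plan:  # phase 2: write, rolling back on failure
            atomic_write(target, new_content)
            written.append(target)
    except BaseException:
        for target in reversed(written):
            prev = originals[target]
            if prev is None:
                target.unlink(missing_ok=True)  # file did not exist before the fix
            else:
                atomic_write(target, prev)
        raise
    return [t.relative_to(root).as_posix() for t in written]


def demo() -> dict:
    """Run the three behaviours on a constructed throwaway project: an escape is
    refused, a two-file fix lands, and a failing fix rolls back its first write."""
    results: dict = {}
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "src").mkdir()
        (Path(root) / ".env").write_text("API_KEY=placeholder-old\n", encoding="utf-8")
        try:
            resolve_inside_project(root, "../outside.txt")
            results["escape_refused"] = False
        except PathOutsideProjectError:
            results["escape_refused"] = True
        results["written"] = apply_multi_file_fix(root, {
            ".env": "API_KEY=placeholder-new\n",
            "src/config.py": "import os\nAPI_KEY = os.environ['API_KEY']\n",
        })
        results["env_after_fix"] = (Path(root) / ".env").read_text(encoding="utf-8")
        try:
            # second target's directory does not exist, so its write fails after .env was written
            apply_multi_file_fix(root, {
                ".env": "API_KEY=should-not-persist\n",
                "missing_dir/x.txt": "never written",
            })
            results["rolled_back"] = False
        except FileNotFoundError:
            env_now = (Path(root) / ".env").read_text(encoding="utf-8")
            results["rolled_back"] = env_now == "API_KEY=placeholder-new\n"
    return results


if __name__ == "__main__":
    print(demo())
```

The two-phase shape is the point: every path is validated and every original snapshotted before the first byte is written, so a fix that cannot be applied safely fails before touching the project, and a fix that fails midway leaves the project as it was.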

What Halden will not do

  • Halden does not intentionally upload your source code during normal scanning or fixing.
  • Halden does not intentionally upload raw .env values or detected API keys during normal scanning or fixing.
  • Halden does not log full API keys, refresh tokens, Stripe secrets, Supabase service-role keys, or GitHub App private keys.
  • Halden does not put server-only credentials into the desktop app or public web client.

What Halden cannot promise

No scanner can guarantee that every key, token, credential, or copy of a secret will be found. Halden focuses on known leak paths in local AI-built projects and keeps manual follow-up visible when a local file edit is not enough.

If a secret may already be in git history, a remote repository, an AI tool transcript, cloud sync, logs, or production systems, rotate it with the affected provider and review the published copies separately.

How this relates to the Privacy Policy

This page explains Halden's file-handling model in product language. The Privacy Policy covers account data, license records, payment references, providers, retention, and privacy rights.