Security
How The Distillery handles your data, stated plainly, verifiable in source.
Your code never leaves your machine. Only token counts sync.
Data flow
Stays on your machine
- Source code and file contents
- Conversation history
- Request and response bodies
- System prompts
- API keys (forwarded but never stored)
Syncs upstream
- Token counts per session
- Session timestamps
- Your Distillery account ID (for billing)
- Subscription status
No logging of request content
The proxy does not log request content. Only token counts are recorded in the local SQLite database at ~/.distillery.
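One way to check this claim yourself, as an added example that is not part of The Distillery's code: a read-only audit that walks every table in a SQLite file and flags columns that could hold request content. The database filename under ~/.distillery, the sample table and column names, and the 64-character threshold are assumptions, since the page does not give the schema.

```python
import pathlib
import sqlite3
import sys

MAX_TEXT_LEN = 64  # assumed threshold: IDs and timestamps are shorter than this


def quote(name):
    """Quote an identifier read from the schema so it is safe inside SQL."""
    return '"' + name.replace('"', '""') + '"'


def audit_sqlite(path):
    """Return (table, column, reason) for columns that could hold content."""
    findings = []
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"  # never write
    conn = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
        for table in tables:
            qt = quote(table)
            for _cid, col, decl, *_rest in conn.execute(f"PRAGMA table_info({qt})"):
                qc = quote(col)
                if "BLOB" in (decl or "").upper():
                    findings.append((table, col, "declared as BLOB"))
                # SQLite typing is dynamic, so measure what is actually stored.
                longest = conn.execute(
                    f"SELECT MAX(LENGTH({qc})) FROM {qt} "
                    f"WHERE typeof({qc}) IN ('text', 'blob')").fetchone()[0]
                if longest is not None and longest > MAX_TEXT_LEN:
                    findings.append((table, col, f"stored value of length {longest}"))
    finally:
        conn.close()
    return findings


def build_sample(path, leaky=False):
    """Create a constructed sample database (not the real Distillery schema)."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE sessions (session_id TEXT, started_at TEXT, "
                 "input_tokens INTEGER, output_tokens INTEGER)")
    conn.execute("INSERT INTO sessions VALUES "
                 "('sess-0001', '2024-01-01T00:00:00Z', 1200, 340)")
    if leaky:  # simulate a column that stores a request body
        conn.execute("ALTER TABLE sessions ADD COLUMN body TEXT")
        conn.execute("UPDATE sessions SET body = ?", ("x" * 200,))
    conn.commit()
    conn.close()


if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in audit_sqlite(sys.argv[1]):
        print(finding)
```

Pass the path of the database file as the only argument; an empty result means no column exceeded the threshold at the time of the check.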
Open source and auditable
The distillation logic is open source. Read it yourself before trusting it.
Third-party dependencies
The packages that touch your request data:
- fastify: HTTP server that accepts requests from your tools
- @anthropic-ai/sdk: client that forwards requests to Anthropic
No exotic dependencies. Read the source.
Common questions
Does The Distillery ever send my code to third parties?
No. Your code, prompts, and responses stay on your machine. The proxy forwards them directly to Anthropic. There is no Distillery server in that path. Only aggregate token counts sync to Distillery for billing.
Who can see my token usage data?
You, and the Distillery billing pipeline. Usage data is scoped to your account and not shared with third parties. See the privacy policy for full detail.