BYOK. Pip-installed CLI. No Maestro server in the request path. This page lays out exactly what data goes where, and how to verify it.
When you run mso dispatch, here's exactly what crosses what boundary:
api.anthropic.com using your Anthropic key. Same network call as if you ran claude by hand.
.mso/ on local disk. Never uploaded.
licence.maestrodevs.com for tier check. 14-day offline grace if the network is down.

Full threat model lives in docs/THREAT-MODEL.md. Headline: the framework defends against accidental secret leakage (pretool scan), prompt-injection-led code drift (SEC review + REL gate), and supply-chain compromise of MCP servers (registry + risk levels). It does not defend against a compromised host machine — that's your security boundary.
SOC 2 Type II is planned for the Enterprise tier. Until then, our Compliance Mapping documents which SOC 2 Common Criteria and ISO 27001 Annex A controls each Maestro feature supports. We don't claim certifications we don't have.
Report it via the contact form. We acknowledge within 2 business days and aim to ship a fix within 14 days for HIGH/CRITICAL. Public disclosure follows fix release. docs/TRUST.md is the canonical SLA.
Set dataResidency.mode to air-gapped in workspace.json and Maestro refuses every outbound HTTP request except to localhost. Full guide: docs/ARCHITECTURE.md#air-gapped.
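One way to check the data-flow and air-gapped claims above from your own egress proxy log, as an added example that is not Maestro's code: it flags any destination other than the two documented hosts and loopback, and anything but loopback in air-gapped mode. The `CONNECT host:port` log format, the nested workspace.json layout, and the function names are assumptions made for illustration.

```python
import ipaddress
import json

# Endpoints this page documents for `mso dispatch` (taken from the text above).
DOCUMENTED_HOSTS = {"api.anthropic.com", "licence.maestrodevs.com"}

def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def parse_dest(line):
    """Extract the host from a 'CONNECT host:port' line (assumed log format)."""
    verb, _, target = line.strip().partition(" ")
    if verb != "CONNECT" or not target:
        return None
    host = target.rsplit(":", 1)[0]  # keeps bracketed IPv6 literals intact
    return host.lower().rstrip(".")

def unexpected_egress(workspace_json, log_lines):
    """Return destinations that the documented data flow does not cover."""
    cfg = json.loads(workspace_json)
    # Assumed layout: {"dataResidency": {"mode": "air-gapped"}}
    air_gapped = cfg.get("dataResidency", {}).get("mode") == "air-gapped"
    allowed = set() if air_gapped else DOCUMENTED_HOSTS
    bad = []
    for line in log_lines:
        host = parse_dest(line)
        # Exact match only: a lookalike with extra labels is not the documented host.
        if host is not None and not (is_loopback(host) or host in allowed):
            bad.append(host)
    return bad

# Constructed sample proxy log, not real Maestro output.
SAMPLE_LOG = [
    "CONNECT api.anthropic.com:443",
    "CONNECT licence.maestrodevs.com:443",
    "CONNECT 127.0.0.1:8080",
    "CONNECT [::1]:8080",
    "CONNECT api.anthropic.com.telemetry.example:443",
]

if __name__ == "__main__":
    print(unexpected_egress("{}", SAMPLE_LOG))
    print(unexpected_egress('{"dataResidency": {"mode": "air-gapped"}}', SAMPLE_LOG))
```

An empty result over a log captured during a dispatch run is consistent with the page's description; any entry returned is a destination to investigate.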