Privacy Policy

Effective Date: March 1, 2026

This Privacy Policy describes how Basilisk ("we", "us", "our") handles information in connection with the Basilisk website (basilisk.rothackers.com), the Basilisk CLI tool, and the Basilisk Desktop application.

1. Information We Do Not Collect

Basilisk is designed with privacy as a core principle. We want to be explicit about what we do not collect:

  • No telemetry — the CLI and Desktop app do not phone home or send usage metrics
  • No scan results — your findings, reports, and payloads never leave your machine
  • No API keys — your LLM provider credentials are stored locally and never transmitted to us
  • No personal data — we do not collect names, emails, or identifying information through the Software
  • No tracking pixels — the website does not use advertising trackers or retargeting

🔒 Zero Telemetry Architecture

Basilisk is fully offline-capable. All processing — including prompt evolution, payload mutation, and report generation — happens entirely on your local machine.

2. Website Analytics

The Basilisk website may use minimal, privacy-respecting analytics (such as server-side request logging or Vercel Analytics) to understand aggregate traffic patterns. These analytics:

  • Do not use cookies for tracking
  • Do not collect personally identifiable information (PII)
  • Do not share data with third parties for advertising purposes
  • May record: page views, referrer URLs, country-level geolocation, and browser type

3. Third-Party LLM Providers

When you use Basilisk to scan an AI target, the Software sends prompts to the LLM provider you configure (e.g., OpenAI, Anthropic, Google, Azure). This communication is between your machine and the provider directly. We do not proxy, intercept, or log these requests.

You are responsible for reviewing and complying with the privacy policies and data handling practices of any LLM provider you connect to through Basilisk.

4. GitHub & Package Registries

Basilisk is distributed via GitHub and PyPI. When you clone, download, or install the Software, you interact with those platforms' infrastructure. These platforms have their own privacy policies:

  • GitHub Privacy Statement
  • PyPI Privacy Notice

5. Local Data Storage

Basilisk stores the following data locally on your machine:

  • Configuration files — API keys, provider settings, scan preferences
  • Scan results & reports — SARIF, HTML, JSON, Markdown, and text reports
  • Evolved payloads — Payload populations from SPE-NL evolution runs
  • Desktop app state — Window preferences, recent sessions (Electron)

This data is stored in your local filesystem and is never transmitted externally. You have full control to delete this data at any time.

6. Children's Privacy

Basilisk is not intended for use by individuals under 18 years of age. We do not knowingly collect or solicit information from minors.

7. Data Security

We implement reasonable measures to protect the integrity of the Basilisk software supply chain, including signed releases and verified checksums. However, as an open-source project distributed globally, we cannot guarantee absolute security. You should always verify downloads against official checksums.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.

Privacy Inquiries

For questions about this Privacy Policy, contact us at support@rothackers.com.