FAQ

Short answers to honest questions.

Can't find something? Email founders@heimwall.ai. A human will answer.

Product

What HeimWall does, where it runs, who it supports.

Which tools does HeimWall support today?
Cursor, Claude Code, Copilot, and Windsurf at launch. We instrument the local app. No browser extension, no proxy. When a new agentic tool hits critical mass, adding coverage is usually a one-week release because the detection engine is shared across tools.
Does HeimWall work on Windows or Linux?
macOS is first-class from day one (Apple Silicon and Intel, macOS 13+). Windows 11 support lands in week 15 of our roadmap. Linux is post Demo Day. The engineering priority goes to whichever OS your team is actually running Cursor on, and today that answer is overwhelmingly macOS.
What's the detection latency?
p95 under 50 milliseconds on-device, measured on an M1 MacBook Air. The rule engine runs synchronously before the prompt leaves the process. The ML classifier runs in parallel and adds soft signal without blocking.
What happens if the HeimWall agent crashes?
It fails open. If the agent is not running, prompts go through exactly as they would without HeimWall installed. We never block an engineer from shipping because our process died. A watchdog restarts the agent on failure and the dashboard flags uptime anomalies.
Do I need admin rights to install?
For a fleet rollout, MDM (Jamf, Kandji, Intune) is preferred. Zero-touch, signed, notarized. For individual installs, the DMG is a standard Apple-notarized app. The engineer approves the system prompt on first launch; nothing deeper is required.
How are engineers notified they're monitored?
At install time, the agent shows a consent dialog explaining exactly what is detected, what leaves the device (redacted metadata only), and a link to the dashboard where the engineer can see their own data. The dashboard itself carries a non-dismissible banner that safety scores cannot be used for performance reviews, and that clause is in the contract.

Privacy

What we see, what we don't, and what never leaves the device.

Does HeimWall read my prompts?
No. Detection runs on-device. Raw prompt text is inspected locally, hashed (SHA-256), and the hash is what leaves the machine. The dashboard sees category labels (Secret / PII / ProprietaryCode / CustomerData), severity, and a character count. Never the content. Investigation Mode is the only path to raw text, and it is gated (see below).
How does HeimWall see prompts if it doesn't read them?
The agent sits locally alongside Cursor, Claude Code, Copilot, and Windsurf. When you submit a prompt, the agent inspects it in-memory on your own machine, applies rule + ML detection, produces a classification, and emits redacted metadata (no body) to the dashboard. The original text is never written to disk by HeimWall and never transmitted to our cloud by default.
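The flow described in the two answers above, sketched as an added example (not HeimWall's code). The regex rules, severity levels, and record field names are assumptions for illustration, and the ML classifier is omitted.

```python
import hashlib
import json
import re

# Hypothetical rules for illustration; the page does not publish HeimWall's rule set.
RULES = [
    ("Secret", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("Secret", "high", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("PII", "medium", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
SEVERITY_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


def classify(prompt: str) -> dict:
    """Inspect the prompt in memory and return a record that carries no prompt body."""
    categories = set()
    severity = "none"
    for category, level, pattern in RULES:
        if pattern.search(prompt):
            categories.add(category)
            # Keep the highest severity among all matching rules.
            if SEVERITY_ORDER[level] > SEVERITY_ORDER[severity]:
                severity = level
    return {
        "prompt_sha256": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
        "categories": sorted(categories),
        "severity": severity,
        "char_count": len(prompt),
    }


def leaks_body(record: dict, prompt: str, min_len: int = 8) -> bool:
    """Egress check: True if any min_len-character slice of the prompt
    appears in the serialized record that would leave the device."""
    wire = json.dumps(record)
    return any(prompt[i:i + min_len] in wire
               for i in range(len(prompt) - min_len + 1))


# Constructed sample prompt; the key is the AWS documentation example value.
SAMPLE = "Fix auth for ops@example.com, key AKIAIOSFODNN7EXAMPLE fails"

if __name__ == "__main__":
    record = classify(SAMPLE)
    print(json.dumps(record, indent=2))
    print("body leaked:", leaks_body(record, SAMPLE))
```

The plain SHA-256 used in this example is deterministic, so identical prompts produce identical hashes, and the hash of a short prompt can be confirmed by anyone who guesses the text.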
Is HeimWall data used for performance reviews?
No. By contract. Every customer MSA contains a clause prohibiting use of safety scores, flag history, or any HeimWall-derived signal in performance reviews, promotion decisions, or compensation decisions. The dashboard carries a non-dismissible banner on every page restating this. Violations are a breach of contract.
When can someone actually see a raw prompt?
Investigation Mode (and only Investigation Mode) surfaces raw prompt content. Triggering it requires: (1) a second-factor step-up, (2) a written justification of at least 50 characters, (3) automatic notification to the affected employee within one hour, and (4) a 24-hour time-box. Every action is audit-logged and exportable. It exists for incidents, not for browsing.

Security & Compliance

Certifications in progress, honestly stated.

Do you support SOC 2, HIPAA, or GDPR?
GDPR: yes at launch. HeimWall only processes metadata by default and our DPA template is ready. SOC 2 Type II: audit is in progress; we're targeting a report in week 23. We will not claim certification we don't hold. HIPAA eligibility ships with the Enterprise tier when BYOK and on-prem land (v1.5, month 12+).
Can I self-host or deploy on-prem?
On-prem is on the Enterprise roadmap for v1.5, targeted for month 12+. For regulated industries (healthcare, defense, classified fintech), we're happy to discuss design-partner terms earlier. It shapes the architecture. Contact founders@heimwall.ai.
Where is metadata stored?
Currently us-east-1 (Supabase + ClickHouse Cloud). EU region support is on the v1.5 roadmap. Enterprise on-prem bypasses this entirely. All metadata stays inside your environment.

Pricing & billing

Contracts, upgrades, refunds.

Can I upgrade or downgrade mid-year?
Yes. Upgrades are prorated immediately. You pay the tier difference for the remainder of the term. Downgrades take effect at the next renewal. Annual commits get a two-year (10%) or three-year (20%) discount if you lock in early.
Is there a free trial for Team or Business?
Solo is free forever and covers a single developer. For Team and Business, we run 30-day paid POCs for serious evaluators: a $15K deposit that converts to your first invoice if you sign. This discipline keeps POC cycles short and mutual.
What's your refund policy?
Annual plans are non-refundable after 30 days. Within the first 30 days, you get a full refund for any reason. Enterprise terms are negotiated case by case in the MSA.

Still have questions?

We're a small team and we answer our own email.