Security

Pace is open source software you install in your own AI harness. The most important security property is what we don't do: Pace's infrastructure is not in the data path. Skills run inside your Claude Code or Cowork install; MCP traffic goes directly between your harness and your vendors. This page documents the model so your security team can review it.

Data flow at a glance

┌─────────────────────────┐                    ┌─────────────────────────┐
│  Your machine           │                    │  Your vendors           │
│  (Claude Code / Cowork) │  ◀─── MCP/HTTPS ──▶│  (Slack, HubSpot,       │
│                         │      OAuth         │   Snowflake, Notion,    │
│  Pace plugin files      │                    │   Linear, etc.)         │
│  Stored locally         │                    │                         │
└─────────────────────────┘                    └─────────────────────────┘
              │
              │ Optional: read marketplace catalog
              │ (HTTPS GET, no body, no cookies)
              ▼
┌─────────────────────────┐
│  pace.tools             │
│  (Cloudflare Pages,     │
│   static)               │
└─────────────────────────┘

Pace's servers see read-only catalog requests from your machine. They do not see, and cannot see, the contents of your Slack messages, HubSpot deals, Snowflake queries, or any other authorized vendor data.

Where things run

The website

Static files on Cloudflare Pages. No application server. No database. No user accounts.

The CLI (npx pace-tools)

Runs locally on your machine. Wraps claude plugin commands. The CLI never establishes outbound connections to a Pace-controlled server beyond reading the public catalog JSON.

Plugin skills

Live inside your Claude Code / Cowork install at ~/.claude/plugins/cache/pace/<plugin>/<version>/. The skill text (a SKILL.md per skill) is loaded into your AI harness context when the skill triggers. Nothing in Pace's deploy hosts these executions.
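Because the skill text is what gets loaded into the harness context, a reviewer can pin what was approved and detect later changes. The following is an added example, not part of Pace's own code: it hashes every SKILL.md under the cache path given above and diffs the result against a reviewed baseline. The plugin, version and skill names in the demo are hypothetical.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Cache location given on this page.
DEFAULT_ROOT = Path(os.path.expanduser("~/.claude/plugins/cache/pace"))


def skill_manifest(cache_root=DEFAULT_ROOT):
    """Map each SKILL.md path (relative to the cache root) to its SHA-256."""
    root = Path(cache_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("SKILL.md"))
        if p.is_file()
    }


def diff_manifests(approved, current):
    """Compare a reviewed baseline against what is installed now."""
    return {
        "added": sorted(current.keys() - approved.keys()),
        "removed": sorted(approved.keys() - current.keys()),
        "changed": sorted(k for k in approved.keys() & current.keys()
                          if approved[k] != current[k]),
    }


if __name__ == "__main__":
    # Constructed demo tree; plugin, version and skill names are hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "example-plugin" / "1.0.0" / "skills" / "demo" / "SKILL.md"
        skill.parent.mkdir(parents=True)
        skill.write_bytes(b"reviewed skill text\n")
        approved = skill_manifest(tmp)
        skill.write_bytes(b"skill text edited after review\n")
        print(diff_manifests(approved, skill_manifest(tmp)))
```

A new plugin version shows up under "added" because the version is part of the path; an entry under "changed" means the text of an already-reviewed version differs from the baseline.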

Scheduled Routines

Routines (the cookbook's automation primitive) run on Anthropic's cloud infrastructure, not on Pace's. When a Routine fires, it spawns a Claude Code cloud session with your authorized connectors. Anthropic's privacy + security policies govern that execution.

OAuth tokens + credentials

Pace plugins never store credentials. The flow:

  1. You run a skill that needs a connector (e.g. HubSpot).
  2. Claude Code opens an OAuth window pointed at the vendor's auth server.
  3. You sign in to the vendor; the vendor issues a token scoped to whatever permissions you approved.
  4. Claude Code stores the token in its own credential store on your machine (macOS Keychain on Mac; Windows Credential Manager on Windows; libsecret on Linux). Pace does not have access to it.
  5. Subsequent MCP calls authenticate with the stored token. Tokens refresh per the vendor's lifecycle.

Revoke access at any time from the vendor's account settings. The token disappears; the next skill run prompts a new OAuth flow.

Sub-processors and dependencies

Pace itself has no sub-processors because it has no customer data to process. The trust chain runs from your machine to:

  • Anthropic: Claude Code, Cowork desktop app, Routines. Privacy policy · trust.anthropic.com
  • Cloudflare: hosts the static pace.tools site. Logs are subject to Cloudflare's policy.
  • GitHub: hosts the source repo + marketplace clone target. Privacy statement.
  • npm: hosts the pace-tools package. Standard registry distribution.
  • Each MCP vendor: Slack, HubSpot, Snowflake, Notion, etc. Their privacy + security policies govern data they hold.

What Pace can and can't see

Pace can see: public HTTPS requests to pace.tools (Cloudflare access logs: standard IP, user-agent, path), GitHub stars / forks / issues (public).

Pace cannot see: your authorized vendor data, your tokens, your plugin executions, your Claude conversations, your Cowork sessions, your skill outputs.

Self-hosting

Pace is Apache-2.0. To fully isolate from Pace's infrastructure:

  1. Fork github.com/GoldenBerry-SO/Pace to your org.
  2. Host your fork's marketplace.json on internal infrastructure (or use the GitHub raw URL).
  3. Point claude plugin marketplace add <your-org>/<your-fork> at your fork.

No requests touch pace.tools or goldenberry.so. You inherit the whole posture; Anthropic + vendor relationships remain.
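The egress claims on this page (catalog reads are "HTTPS GET, no body, no cookies", and a self-hosted install sends nothing to pace.tools or goldenberry.so) can be checked against your own proxy logs. The following is an added example, not part of Pace's code. It assumes a TLS-inspecting forward proxy that writes JSON lines; the field names, paths and sample records are constructed for illustration.

```python
import json

# Hosts this page names as Pace-controlled.
PACE_HOSTS = ("pace.tools", "goldenberry.so")

# Constructed sample records (hypothetical proxy log schema, not real traffic).
SAMPLE_LOG = [
    '{"host": "pace.tools", "scheme": "https", "method": "GET", '
    '"path": "/catalog-placeholder.json", "req_bytes": 0, "req_headers": ["accept", "user-agent"]}',
    '{"host": "mcp.vendor.example", "scheme": "https", "method": "POST", '
    '"path": "/mcp", "req_bytes": 512, "req_headers": ["authorization", "content-type"]}',
    '{"host": "pace.tools", "scheme": "https", "method": "POST", '
    '"path": "/placeholder", "req_bytes": 120, "req_headers": ["content-type", "cookie"]}',
]


def is_pace_host(host):
    """Exact or subdomain match, so 'notpace.tools' is not treated as Pace."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in PACE_HOSTS)


def audit(log_lines, self_hosted=False):
    """Return (line_number, reason) for each request that breaks the documented model."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        rec = json.loads(line)
        if not is_pace_host(rec["host"]):
            continue  # direct harness-to-vendor MCP traffic is expected
        if self_hosted:
            findings.append((n, "request to a Pace host despite self-hosting"))
            continue
        if rec.get("scheme") != "https":
            findings.append((n, "not HTTPS"))
        if rec["method"] != "GET":
            findings.append((n, f"method {rec['method']} is not GET"))
        if rec.get("req_bytes", 0) > 0:
            findings.append((n, "request has a body"))
        if "cookie" in {h.lower() for h in rec.get("req_headers", [])}:
            findings.append((n, "request carries a Cookie header"))
    return findings


if __name__ == "__main__":
    for n, reason in audit(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Run it with `self_hosted=True` after pointing the marketplace at your fork; any finding then means something on the machine still reaches a Pace host.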

GDPR, CCPA, and similar

Pace processes no personal data of website visitors beyond what Cloudflare's edge logs hold for security. The CLI processes no personal data on Pace-controlled infrastructure at all.

Plugin executions and connector data are processed by Anthropic + the vendor MCP servers, not by Pace. Refer to each vendor's GDPR posture for the regulatory frame on the data they hold.

Vulnerability disclosure

Found a security issue? Email hello@goldenberry.so with the details. Use subject prefix [security]. We confirm receipt within 2 business days.

Pace is open source; once a fix lands and a release ships, we credit the reporter (with their permission) in the release notes. We do not run a bug bounty; volunteer reports are appreciated.

For acute issues in Anthropic infrastructure or a specific vendor's MCP server, contact that vendor directly; we can't fix what isn't ours.

Audit + compliance posture

Pace itself is not SOC2 / ISO / FedRAMP certified, because Pace is software code that runs on your infrastructure, not a SaaS application that processes your data. The compliance question for adoption is about Anthropic (the Routines + Cowork host) and each vendor you connect.

If your security team needs Pace-specific attestations beyond what's documented here, email hello@goldenberry.so with what you need. We are a small team and respond honestly about what we can sign.