Trust and Transparency

TinyPilot devices don’t hide hardware or software surprises. There are no covert radios, no microphones wired to unknown ICs, and no background connections to cloud services we operate. The system runs what you see, and we publish what’s inside.

Our firmware is built from a lean set of well-known open-source components, and the full image is assembled and signed on infrastructure we control. Most of the TinyPilot application layer is public on GitHub, and our releases include no management agents, telemetry collectors, analytics hooks, or “phone-home” behavior.

We publish a Software Bill of Materials (SBOM) for every major release so customers can review the TinyPilot application stack and validate what is running inside their network.

TinyPilot controls the hardware and firmware supply chain end to end. Custom carrier boards are manufactured to our specifications by a contract manufacturer in China and are delivered without storage or firmware. The system-on-module (containing CPU and memory) is sourced through authorized U.S. distribution. All storage installation, firmware flashing, and functional testing are performed by TinyPilot staff in the United States before shipment.

• No outbound cloud connections unless you explicitly enable one
• No hidden audio paths or dormant hardware listeners
• No bundled remote-management agents
• No telemetry brokers, analytics services, or silent network traffic

Transparency shouldn’t be rare in infrastructure tools. TinyPilot is built so you can confirm what runs inside your network.

If you have any questions or concerns, please reach out to our security team.