Security FAQ

Nội dung này hiện chưa có sẵn bằng ngôn ngữ của bạn.

This page collects the questions we hear most often from OEM security and legal teams. For the underlying details, see Data flow and privacy.

Q. Does drawtonomy upload my road designs, scenarios, or any other edit data?

No. drawtonomy is a browser-only editor with no application backend. There is no feature that uploads shape data, OpenDRIVE files, OpenSCENARIO files, or any other edit content to drawtonomy or to a third party. You can verify this yourself in the browser’s developer tools — see Verifying this yourself.

Q. Where does the esmini scenario playback run?

In your browser. drawtonomy uses esmini compiled to WebAssembly. The .xosc, .xodr, and catalog files you load are read by esmini from an in-memory virtual filesystem inside the same browser tab. They do not travel over the network. See the esmini player is fully local.

Q. We need to use drawtonomy with no outbound internet access at all. Is that possible?

Yes, today. Turn off the map background, skip the “Generate Lanes from OSM” tool and the place-name search, and you have a fully offline session. See Offline usage for the step-by-step checklist. A single-toggle “Offline mode” is on the roadmap to make this easier.

Q. Does drawtonomy use any analytics, telemetry, or crash-reporting service?

The hosted version at drawtonomy.com counts anonymous page views via Google Analytics 4. No edit data, file contents, or identifying information is sent. drawtonomy does not integrate Sentry, PostHog, Datadog, Mixpanel, Amplitude, or any other third-party crash / telemetry SDK.

Q. What is stored in my browser?

UI preferences only — map background mode, default lane color, snap settings, optional AI provider settings. Your shape data, OpenDRIVE files, and OpenSCENARIO files are not auto-persisted to browser storage — they live in runtime memory and are only saved when you explicitly export them to a file. drawtonomy does not use cookies, IndexedDB, or a service worker.

Q. Does drawtonomy require user accounts or authentication?

No. There is no login flow, no account system, and no server-side user database. drawtonomy is used anonymously.

Q. The AI Scene Generator sends data to an LLM. How is that handled?

The AI Scene Generator is an extension, not a built-in feature. It ships disabled and is only active when you open the Extensions panel and pick it. While it is in use:

You choose the provider. Anthropic Claude, OpenAI GPT, or Google Gemini. The request goes directly from your browser to that provider’s API; drawtonomy does not proxy the request.
Your API key stays in your browser. It is stored in localStorage on your machine and is never sent anywhere other than the provider you configured.
Only the prompt text is sent. The natural-language description, OpenSCENARIO XML, or DSL input you paste into the panel is sent to the provider. Your existing canvas — the shapes you have already drawn — is not included in the request.
The response builds shapes locally. The LLM returns a scene description that the extension parses and turns into normal drawtonomy shapes inside your browser.

If your security team has specific requirements for AI-feature governance (for example, routing requests to Azure OpenAI with a private endpoint, or to an internal LLM gateway), please raise them via the channels below — we plan to make the provider endpoint configurable. Until then, the simplest mitigation is to not enable the extension.

Note: this is a separate feature from the OSM-based “Generate Lanes from OSM” tool, which uses public OSM map data and does not send anything to an LLM.

Reach out via the channels listed on the Contact page. We are prioritising OEM-grade trust documentation (subprocessor list, data-residency statement, supplier security questionnaire responses) and will engage directly with serious evaluators.