GDPR COMPLIANT /// ZERO TELEMETRY /// SOC2 READY /// AIR-GAP CAPABLE /// HIPAA COMPLIANT /// LOCAL INFERENCE /// NIS2 READY

Security

How we protect your data, our architecture, and our commitment to transparency.

Threat Model

Our products assume a hostile network environment. All data processing occurs locally — we operate under the assumption that any data transmitted externally is compromised. Our threat model covers: data exfiltration, model poisoning, side-channel inference, and unauthorized access.

Data Handling

Audio, text, and embeddings are processed in-memory and written to disk only when explicitly requested by the user. All on-disk data is encrypted with AES-256. No data is transmitted to external servers. No usage analytics are collected.

Encryption

AES-256-GCM for data at rest. TLS 1.3 for any local network communication (e.g., local API). Key derivation via Argon2id. Encryption keys are stored in the platform's secure keychain (macOS Keychain, Windows DPAPI, Linux Secret Service).

Telemetry Policy

Our products collect zero telemetry by default. No usage data, no crash reports, no "anonymous" analytics. Optional crash reporting can be enabled by the user. When enabled, reports contain only stack traces and are transmitted via an encrypted channel.

Offline Mode

All products are designed to operate fully offline after initial installation. License activation supports offline mode (enterprise). Updates are delivered as signed packages that can be sideloaded in air-gapped environments.

Responsible Disclosure

If you discover a security vulnerability in any Hesperia Labs product, please report it responsibly. We commit to acknowledging receipt within 24 hours and providing a substantive response within 72 hours.

security@hesperialabs.com