Seguridad

Cómo protegemos tus datos, nuestra arquitectura y nuestro compromiso con la transparencia.

Modelo de Amenazas

Our products assume a hostile network environment. All data processing occurs locally — we operate under the assumption that any data transmitted externally is compromised. Our threat model covers: data exfiltration, model poisoning, side-channel inference, and unauthorized access.

Manejo de Datos

Audio, text, and embeddings are processed in-memory and written to disk only when explicitly requested by the user. All on-disk data is encrypted with AES-256. No data is transmitted to external servers. No usage analytics are collected.

Cifrado

AES-256-GCM for data at rest. TLS 1.3 for any local network communication (e.g., local API). Key derivation via Argon2id. Encryption keys are stored in the platform's secure keychain (macOS Keychain, Windows DPAPI, Linux Secret Service).

Política de Telemetría

Our products collect zero telemetry by default. No usage data, no crash reports, no "anonymous" analytics. Optional crash reporting can be enabled by the user — when enabled, reports contain only stack traces and are transmitted via encrypted channel.

Modo Offline

All products are designed to operate fully offline after initial installation. License activation supports offline mode (enterprise). Updates are delivered as signed packages that can be sideloaded in air-gapped environments.

Divulgación Responsable

If you discover a security vulnerability in any Hesperia Labs product, please report it responsibly. We commit to acknowledging receipt within 24 hours and providing a substantive response within 72 hours.

security@hesperialabs.com