DaySpire Technical
Security Specifications
An in-depth review of the local storage cryptographic blocks, Rust control boundaries, and system interfaces driving DaySpire's time intelligence software.
1. Local Database & On-Device Encryption
DaySpire stores active app captures, focus metrics, and text transcripts in a unified SQLite ledger protected by 256-bit AES encryption. The database is keyed via an on-device credential managed securely by the macOS Keychain.
2. In-Process Core Processor Sandbox
Unlike traditional desktop frameworks that spin up local HTTP model servers or loopback TCP sockets (which expose your machine to cross-origin extraction risks), DaySpire compiles its entire processing core directly into the native macOS app.
This ensures all calls to the local engines, speech-to-text systems, and database search indices occur directly in-memory under strict macOS process boundaries, removing loopback port-binding vulnerabilities and local token authentication layers completely.
3. Cryptographic Deduplication & Audit Logs
All documents and screenshots imported manually by you as project evidence undergo SHA-256 block hashing prior to ingestion. This guarantees complete audit traceability: exports are structurally tied to verified database blocks, and the local file system contains no duplicated data clutter.
Every timecard edit or approval is logged to an immutable ledger append stream, giving corporate auditing departments complete confidence in billing integrity.
4. Threat Model & Security Scope
We believe in absolute transparency about what DaySpire protects against and what it does not:
Protected Against
- Corporate data leaks
- Cloud backend infrastructure data breaches
- Network intercept/MITM of private files
- Aggressive marketing telemetry tracking
Out of Scope
- Physical theft of an un-encrypted Mac
- Admin-level malware running locally
- Insecure manual file exports