Security & Privacy

Built for privacy. Designed for trust. Auditable by default.

Core Security Principles

All LLM prompts and client data stay on your device. Nothing leaves your environment unless you explicitly allow it.

No cloud calls, no tracking, no analytics—unless you opt in. We don't know what you're doing with Menz0OS, and that's by design.

Four roles (Admin, Manager, Technician, Client) with scoped permissions. Every action is logged with user, timestamp, and input/output hashes.

All remote support requires UI confirmation. Sessions are time-bound with IP and action logging. Auto-expiry after session ends.

Local LLMs (Ollama) - All AI prompts run on-device

Zero telemetry by default - No cloud calls unless opted in

RBAC with 4 roles - Admin, Manager, Technician, Client

Full audit trails - JSON logs per user/module

Consent-gated remote access - Time-bound sessions with IP/action logging

Sandboxed plugin execution - Scoped permissions, isolated processes

GDPR/CCPA-ready - Local-only data by default

Offline-first architecture - Full feature parity without internet

Encrypted backups - Admin-controlled recovery

Compliant

Local-only data by default. No third-party processors without explicit consent.

Compliant

No tracking, no data sale, full data control. Opt-in for all cloud features.

Advisory

Secure audit trails and no cloud dependency support HIPAA requirements.

Component	Security Policy
LLM Prompts	Local-only (Ollama)
Client Data	Stored on-device
File Uploads	Scoped, hashed, auditable
Plugin Access	Scoped + logged
FleetCommand	Encrypted opt-in metrics only

We're happy to discuss our security architecture in detail.