Security Architecture

Your Data Stays On Your Machine.

A technical explanation of how TrustArchive protects your trust data, why we cannot access it, and what that means for fiduciary accountability.

  • AES-256-CBC: database encryption via SQLCipher
  • Zero external data connections during normal use
  • 100% local AI processing, no external API calls

Security by Architecture, Not by Policy

Most software promises to protect your data. TrustArchive is built so that protecting your data requires no promises — it is simply not possible for us to access it.

Local-Only Storage

All data lives in a single encrypted database file on your machine. No cloud sync, no remote backup, no external servers. The file never leaves your device unless you explicitly copy it.

SQLCipher Encryption

Your database is encrypted using SQLCipher with AES-256-CBC. The encryption key is derived from your master password using PBKDF2 with 64,000 iterations. Without your password, the file is unreadable.

Zero Network Activity

TrustArchive makes no network connections during normal operation. No telemetry, no analytics, no background syncing. The only outbound connections are license validation and AI model downloads — both visible and user-initiated.

We Cannot See Your Data

This is architectural, not a promise. The software has no server-side component that could receive your trust data. Even if we wanted to access it, we have no mechanism to do so.

Master Password Architecture

Your master password never leaves your machine. It is used locally to derive the database encryption key. We store no hash of it, no recovery mechanism exists, and we cannot reset it. This is intentional.

Local AI Processing

The Agent Assistant runs entirely on your hardware via Ollama. Your queries, your trust data, and the AI responses never touch an external server. Document Intelligence (RAG) uses local embeddings with sqlite-vec.

How Your Data Is Protected at Rest

TrustArchive uses SQLCipher, an open-source extension to SQLite that provides transparent, full-database encryption. Every byte of your data — including metadata, indexes, and free pages — is encrypted before being written to disk.

  • AES-256-CBC encryption on the entire database file
  • Key derived from your master password via PBKDF2 with 64,000 iterations
  • A 256-bit random salt is generated per database — unique to your installation
  • Page-level encryption means no partial reads are possible
  • Open source — SQLCipher is auditable by anyone

Encryption Stack (SQLCipher)
  • Application Layer: Tauri + Rust backend
  • IPC Boundary: validated, typed commands only
  • SQLCipher: AES-256-CBC full-database encryption
  • Key Derivation: PBKDF2 · 64,000 iterations · 256-bit salt
  • Disk: encrypted .db file — unreadable without key
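As an added example (not TrustArchive's or SQLCipher's own code), the key-derivation step described above in Python's standard library: a random per-database salt, 64,000 PBKDF2 iterations and a 256-bit key, plus a cheap at-rest check that a database file on disk does not carry the plaintext SQLite header. The PRF (HMAC-SHA512) and the sample password are assumptions; SQLCipher's real PRF and defaults depend on its version and configuration.

```python
import hashlib
import os

# Parameters stated on the page: PBKDF2, 64,000 iterations, a 256-bit per-database
# salt and a 256-bit key for AES-256-CBC. The PRF (HMAC-SHA512) is an assumption;
# SQLCipher's actual PRF and defaults depend on its version and configuration.
ITERATIONS = 64_000
SALT_BYTES = 32
KEY_BYTES = 32
PRF = "sha512"

# Every plaintext SQLite file begins with this 16-byte magic string.
SQLITE_MAGIC = b"SQLite format 3\x00"


def new_salt() -> bytes:
    """Generate the per-database salt once, at creation; it is stored with the file."""
    return os.urandom(SALT_BYTES)


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Derive the 256-bit database key; the password itself is never stored."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be %d bytes" % SALT_BYTES)
    return hashlib.pbkdf2_hmac(PRF, master_password.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_BYTES)


def looks_encrypted(header: bytes) -> bool:
    """Cheap at-rest check: an unencrypted database leaks the SQLite magic header,
    an encrypted one does not. Pass the first 16 bytes of the .db file."""
    return not header.startswith(SQLITE_MAGIC)


if __name__ == "__main__":
    salt = new_salt()
    key = derive_key("correct horse battery staple", salt)  # constructed sample password
    print("salt:", salt.hex())
    print("key: ", key.hex())
```

Losing the salt makes the key underivable even with the right password, which is why it must live alongside the database file rather than only in memory.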

A Cryptographically Defensible Record

Every action in TrustArchive is logged in an immutable hash chain. For fiduciaries, this is not just a convenience — it is the foundation of demonstrating that you have fulfilled your duties to beneficiaries, courts, and co-trustees.

  • What is logged: Every user action: logins, document access, journal entries, distributions, rule changes, operator profile changes, and session events.
  • How it is sealed: Each log entry is cryptographically chained to the previous one using SHA-256. Altering any entry breaks the chain, making tampering immediately detectable.
  • Immutability: Audit entries cannot be deleted or modified through the application interface. Voiding a transaction creates a new entry — the original remains.
  • Export: The full audit log can be exported to CSV for court filings, mediations, beneficiary accountings, or compliance review.

Hash Chain Structure (Immutable)
  • Entry #1 — Session opened · SHA-256: a1b2c3d4... · prev: Genesis
  • Entry #2 — Distribution posted $8,000 · SHA-256: e5f6g7h8... · prev: a1b2c3d4
  • Entry #3 — Document sealed · SHA-256: i9j0k1l2... · prev: e5f6g7h8
  • Entry #4 — Session closed · SHA-256: m3n4o5p6... · prev: i9j0k1l2
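An added example, not TrustArchive's code, of the chain described above: each entry is hashed with SHA-256 over its own content and the previous entry's digest, a verifier walks the chain from Genesis, and two constructed tampering cases show detection (editing an amount with and without recomputing that entry's digest). Field names and the sample actions are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "Genesis"  # prev value of the first entry, as in the page's diagram

@dataclass(frozen=True)
class AuditEntry:
    seq: int      # position in the chain, starting at 1
    action: str   # what happened (constructed sample actions below)
    prev: str     # digest of the previous entry, or GENESIS
    digest: str   # SHA-256 over (seq, action, prev)

def entry_digest(seq: int, action: str, prev: str) -> str:
    # Canonical JSON so identical fields always hash identically.
    material = json.dumps({"seq": seq, "action": action, "prev": prev}, sort_keys=True)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def append(chain: list, action: str) -> list:
    """Return a new chain with one more entry; existing entries are never modified."""
    prev = chain[-1].digest if chain else GENESIS
    seq = len(chain) + 1
    return chain + [AuditEntry(seq, action, prev, entry_digest(seq, action, prev))]

def verify(chain: list):
    """Return (True, None), or (False, index of the first entry whose digest or link is bad)."""
    expected_prev = GENESIS
    for i, e in enumerate(chain):
        if e.seq != i + 1 or e.prev != expected_prev or e.digest != entry_digest(e.seq, e.action, e.prev):
            return False, i
        expected_prev = e.digest
    return True, None

def build_sample_chain() -> list:
    """Constructed sample mirroring the four-entry diagram above."""
    chain = []
    for action in ("Session opened", "Distribution posted $8,000", "Document sealed", "Session closed"):
        chain = append(chain, action)
    return chain

def tampered_chain(rehash: bool) -> list:
    """Alter entry #2's amount after the fact. rehash=False leaves a stale digest (caught at #2);
    rehash=True recomputes it, but entry #3's prev still names the old digest (caught at #3)."""
    chain = build_sample_chain()
    e = chain[1]
    action = "Distribution posted $800"
    digest = entry_digest(e.seq, action, e.prev) if rehash else e.digest
    chain[1] = AuditEntry(e.seq, action, e.prev, digest)
    return chain
```

The chain alone cannot reveal that entries were removed from its end; to detect truncation, the latest digest must also be recorded somewhere the database cannot rewrite, such as the exported CSV.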

The Complete Picture of What We Can See

For full transparency, here is the exact and complete set of data associated with your account that exists outside your machine.

| Data item            | Purpose                                                                        | Where stored                    |
|----------------------|--------------------------------------------------------------------------------|---------------------------------|
| Email address        | License key delivery and renewal reminders                                     | Supabase                        |
| License key          | Subscription management                                                        | Supabase                        |
| Hardware fingerprint | Machine activation limit enforcement (one-way hash, cannot identify hardware)  | Supabase                        |
| Payment details      | Billing                                                                        | Stripe (we never see your card) |

That is the complete list. We have no access to anything inside your TrustArchive database.

What Stays Local, What Goes Where

A clear map of every data flow in the TrustArchive system.

Your Machine — Always Local
  • All trust data, financial records, and journal entries
  • Beneficiary names, contact info, and distribution history
  • All uploaded and generated documents
  • AI queries, responses, and document embeddings
  • Master password and database encryption key
  • Audit trail hash chain

License Infrastructure — License Data Only
  • Your email address (Supabase)
  • Your license key and tier (Supabase)
  • Hardware activation fingerprint — one-way hash only (Supabase)
  • Payment method (Stripe — we never see your card details)

Never Transmitted — Ever
  • Any content from inside your TrustArchive database
  • AI queries or responses
  • Document contents
  • Your master password

Security Disclosure

If you discover a security vulnerability in TrustArchive, please report it responsibly to support@trustarchive.co. We will respond within 48 hours and work with you to address the issue before any public disclosure.

Built for Trustees Who Take Privacy Seriously

No cloud. No data exposure. No compromises.