SECURITY

Zero-Knowledge Security Architecture

Security isn't a feature we added. It's the foundation we built on. See how it works in practice.

Local-First Architecture

Sensitive data never leaves your device. All detection and transformation happens locally.

Zero-Knowledge Design

We cannot see, access, or reconstruct your private information. Ever.

Transparent Operation

Every action is visible. You always know what's being detected and how it's being handled.

No Data Retention

We don't store your prompts, conversations, or any content you process through Sonomos.

How We Protect You

On-Device Processing

All sensitive data detection runs entirely in your browser. Your content is analyzed locally, meaning it never travels to external servers for processing. See on-device AI and zero-knowledge processing for the underlying concepts.

Encryption Standards

Any communication with our services uses industry-standard TLS encryption. We follow security best practices for all infrastructure components.

Responsible Disclosure

Found a security issue? We welcome responsible disclosure. Contact us through our contact form.

Independent Verification

We submit Sonomos to independent, publicly verifiable security and privacy scans. Anyone can re-run these tests.

Blacklight Privacy Scan (The Markup): No ad-tech or third-party tracking detected

Security.txt (IETF RFC 9116): Published

SSL Report (Qualys SSL Labs): Grade A+

Go deeper

Read the detection methodology for the math behind every metric, browse the glossary for definitions of the privacy concepts referenced here, or see the comparisons page for how this architecture differs from cloud DLP and enterprise privacy platforms.