SECURITY

Nothing to breach. Nothing to subpoena.

Locke processes everything on your device. We never see your data, so there's nothing on our end to leak, hand over, or lose. See how it works in practice.

Local-First Architecture

Detection and masking happen on your device. Sensitive data never leaves it.

Zero-Knowledge Design

We can't see, access, or reconstruct your private information. Ever.

Transparent Operation

Every detection is visible. You always know what was flagged and what happened to it.

No Data Retention

We don't store your prompts, conversations, or anything you process through Locke.

How we protect you

On-device processing

All detection happens on your device — nothing is sent out for analysis. See on-device AI and zero-knowledge processing for how that's different from typical cloud tools.

Encryption standards

The little traffic that does exist — like loading this site — is encrypted with standard TLS. Your sensitive data isn't part of that traffic; it's masked before it's ever sent anywhere.

Responsible disclosure

Found a security issue? Tell us — we take reports seriously and welcome responsible disclosure. Contact us.

Independent verification

Independent, publicly verifiable scans — not marks we gave ourselves. Anyone can re-run these tests.

Blacklight Privacy Scan

The Markup

No ad-tech or third-party tracking detected

Run scan yourself

Security.txt

IETF RFC 9116

Published

View disclosure policy

SSL Report

Qualys SSL Labs

Grade A+

View full report