This specification defines the Superheld privacy model: data inventory, trust boundary data flows, retention policies, feature vector transforms, and what data leaves the device under what conditions.
Audience: Privacy/security engineers, compliance officers, auditors.
Workspace Status
Large parts of this page describe the intended product privacy architecture, not behavior that is fully confirmed by the current workspace code. In particular, transformed feature-vector upload, cloud enrichment statelessness guarantees, encrypted append-only local event storage, and the listed retention policies are not fully implemented in this repository today.
| In-Scope | Out-of-Scope |
| --- | --- |
| Data inventory with classification | Implementation of encryption algorithms |
| Trust boundary data flow diagram | Cloud infrastructure security controls |
| Retention policy per data type | Legal compliance analysis (GDPR, DSGVO) |
| Feature vector transformation guarantees | Marketing privacy claims |
| Voice/audio handling | Content moderation decisions |
Minimum collection: Only data required for threat detection is accessed
Minimum retention: Data retained only as long as operationally necessary
Minimum transmission: Only cryptographic hashes and anonymized feature vectors leave the device
No tracking, no ads: No analytics trackers, ad SDKs, or third-party pixels
Opt-in for extended: Additional data sharing requires explicit user consent
| Data Type | Access Pattern | Storage | Retention |
| --- | --- | --- | --- |
| Message/email content | Read in RAM, analyzed, discarded | Volatile RAM only | Immediate (discarded after analysis) |
| Audio/call content | Processed in RAM only | Volatile RAM only | Immediate (discarded after analysis) |
| Files/attachments | Scanned in RAM | Volatile RAM only | Immediate (discarded after analysis) |
| Contact information | Read for caller ID context | Not stored by agent | N/A |
| Browsing history | Not accessed | N/A | N/A |
| Keystroke data | Not accessed | N/A | N/A |
| Screen recordings | Not accessed | N/A | N/A |
| Biometric data | Not accessed | N/A | N/A |
| Location data | Not accessed (regular operation) | N/A | N/A |
| Data Type | Derivation | Storage | Retention |
| --- | --- | --- | --- |
| Detection events | Policy Engine output | AES-256 encrypted, append-only | 90 days |
| Threat classifications | Detection Pipeline output | AES-256 encrypted | 90 days |
| User decisions (dismiss/proceed) | User interaction | Local feedback loop | 90 days |
| Threat signatures (cache) | Downloaded from Cloud | Local storage | Until next update |
| Data Type | Form When Leaving | Purpose | Destination | Linkable? |
| --- | --- | --- | --- | --- |
| Phone number hashes | SHA-256 hash | Threat intelligence lookup | Cloud Enrichment API | No (stateless) |
| App signature hashes | SHA-256 hash | Malicious app detection | Cloud Enrichment API | No (stateless) |
| Domain/URL hashes | SHA-256 hash | Phishing/malware lookup | Cloud Enrichment API | No (stateless) |
| Feature vectors | Anonymized, dimensionality-reduced | Complex case escalation (deepfake, advanced NLP) | AI Analysis Module | No (stateless) |
| Detection events (filtered) | Redacted event objects | Reporting, SIEM, webhooks | Cloud relay → external | Per-org (tenant-isolated) |
| Device identifiers | Encrypted | License management | Cloud | Per-device (licensing only) |
| Aggregated telemetry | Anonymized statistics | Collective threat intelligence | Cloud | No (opt-in, aggregated) |
Core invariant: Audio and message plaintext NEVER leave the device under any circumstances.
Feature vectors are sent to the Cloud AI Analysis Module when local detection yields ambiguous results. Before transmission, vectors undergo irreversible transformation:
| Property | Value | Status |
| --- | --- | --- |
| Dimensionality | 128-dimensional vector | Target only |
| Transformation method | PCA (dimensionality reduction) → random projection → scalar quantization (INT8) | Target only |
| Reconstruction feasibility | Not practically feasible: irreversible dimensionality reduction from high-dimensional feature space to 128 dimensions, combined with quantization loss | Target only |
| Differential Privacy | No formal DP applied. Privacy relies on irreversible transformation pipeline (PCA + random projection + quantization). | Target only |
| Features included | Behavioral embeddings (communication patterns, timing, frequency), NLP embeddings (text structure, not content), network metadata features | Target only |
Note
Feature vectors undergo a three-stage irreversible transformation: PCA dimensionality reduction, random projection, and scalar quantization (INT8). The resulting 128-dimensional vector cannot be reversed to reconstruct original input data. No formal Differential Privacy (ε, δ) is applied; privacy guarantees rely on the irreversibility of the transformation pipeline.
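The last two stages of the pipeline described above, as an added example (not Superheld code): a seeded Gaussian random projection to 128 dimensions followed by INT8 scalar quantization. The PCA stage is left out and the input is assumed to be an already PCA-reduced vector; `PCA_DIM`, `CLIP`, the seed handling and all function names are assumptions.

```python
import math
import random

OUT_DIM = 128   # output dimensionality from the specification
PCA_DIM = 256   # assumed size of the PCA-reduced input (not given on the page)
CLIP = 4.0      # assumed clipping range applied before quantization

def projection_matrix(seed, in_dim=PCA_DIM, out_dim=OUT_DIM):
    """Seeded Gaussian random projection matrix with out_dim rows."""
    rng = random.Random(seed)
    sigma = 1.0 / math.sqrt(out_dim)
    return [[rng.gauss(0.0, sigma) for _ in range(in_dim)] for _ in range(out_dim)]

def quantize_int8(vec, clip=CLIP):
    """Clip each value to [-clip, clip] and round it onto the integers -127..127."""
    step = clip / 127.0
    return [max(-127, min(127, round(v / step))) for v in vec]

def transform(pca_vec, matrix):
    """Random projection followed by INT8 quantization."""
    if any(len(row) != len(pca_vec) for row in matrix):
        raise ValueError("input length does not match projection matrix")
    projected = [sum(w * x for w, x in zip(row, pca_vec)) for row in matrix]
    return quantize_int8(projected)

if __name__ == "__main__":
    rng = random.Random(7)                       # constructed sample input
    x = [rng.gauss(0.0, 1.0) for _ in range(PCA_DIM)]
    m = projection_matrix(seed=2024)
    x2 = [x[0] + 1e-9] + x[1:]                   # a different input vector
    print(transform(x, m) == transform(x2, m))   # both map to the same INT8 code
```

Quantization maps many distinct inputs to the same code, which is the loss the specification relies on; it is not a substitute for the formal analysis the failure table calls for.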
| Question | Answer | Status |
| --- | --- | --- |
| Does the agent access audio/microphone? | Microphone access patterns analyzed (when microphone is accessed by other apps) | Target only |
| Does the agent record audio? | No. Audio content processed in RAM only, immediately discarded. | Target only |
| Does the agent transcribe calls? | No. No audio transcription occurs, even locally. | Target only |
| What call metadata is analyzed? | Phone number, timestamp, duration, STIR/SHAKEN attestation | Target only |
| Does any audio data leave the device? | No | Target only |
Documented privacy target: “Voice patterns” refers to call metadata heuristics and behavioral signals rather than microphone audio content. This is not fully confirmed by the current workspace implementation.
| Question | Answer | Status |
| --- | --- | --- |
| Does the agent access location? | Not in regular operation | Target only |
| Family profiles: location notifications? | Optional. Geofence zone-enter/exit events only. | Target only |
| If location is used: local-only or cloud-transmitted? | Local geofence evaluation. Cloud receives only zone-enter/exit events (no coordinates). | Target only |
| Location storage/retention | Geofence zones stored locally. Zone events follow standard event retention (90 days local). | Target only |
| Data Type | Location | Retention | Configurable? | Status |
| --- | --- | --- | --- | --- |
| Account data | EU (Frankfurt) | Target: Until deletion + 30 days | No | Not confirmed by current workspace |
| Device metadata | EU | Target: 90 days | No | Not confirmed by current workspace |
| Detection events (local) | Device | Target: 90 days | No | Not confirmed by current workspace |
| Detection events (cloud) | EU | Target: 180 days | No | Not confirmed by current workspace |
| Audit logs | EU | Target: 12 months | No | Not confirmed by current workspace |
| Aggregated metrics | EU | Target: 24 months (then anonymized) | No | Not confirmed by current workspace |
| Threat signatures | Device | Target: Until next update | No | Not confirmed by current workspace |
| AI analysis data | Never persisted | Immediate | N/A | Not confirmed by current workspace |
Account deletion: Complete removal within 30 days. Backup overwrite within 90 days.
| Layer | Method | Details |
| --- | --- | --- |
| At rest (device) | AES-256 | Keys in secure enclave (iOS) or keystore (Android) |
| In transit | TLS 1.3 | Perfect Forward Secrecy, replay protection, downgrade prohibited; workspace agent supports optional SPKI pinning via SUPERHELD_CLOUD_PIN_SHA256, broader certificate pinning remains target |
| Event Store | AES-256 + cryptographic chaining | Append-only, tamper-evident |
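An added example (not the workspace implementation) of the chaining that makes an append-only store tamper-evident: each record's hash covers the previous record's hash, its sequence number and its ciphertext. Encryption is out of scope here, so payloads are treated as opaque AES-256 ciphertext; the record layout, the `GENESIS` value and the function names are assumptions.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed start value for the first record

def link_hash(prev_hash: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Bind a record to its position and to every record before it."""
    return hashlib.sha256(prev_hash + seq.to_bytes(8, "big") + ciphertext).digest()

def append(store: list, ciphertext: bytes) -> bytes:
    """Append one already-encrypted event; return the new chain head."""
    prev = store[-1]["hash"] if store else GENESIS
    seq = len(store)
    store.append({"seq": seq, "ciphertext": ciphertext,
                  "hash": link_hash(prev, seq, ciphertext)})
    return store[-1]["hash"]

def verify(store: list, expected_head=None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record.

    A plain hash chain can be recomputed by anyone who can rewrite the whole
    store, and records removed from the end leave a valid shorter chain. Both
    are caught only by comparing against a head hash kept outside the store
    (expected_head); a mismatch there is reported as index len(store).
    """
    prev = GENESIS
    for i, rec in enumerate(store):
        if rec["seq"] != i or rec["hash"] != link_hash(prev, i, rec["ciphertext"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(store)
    return -1
```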
The Cloud Enrichment API operates statelessly:
| Property | Guarantee | Status |
| --- | --- | --- |
| No device ID in requests | Requests not linkable to specific device | Target only |
| No user ID in requests | Requests not linkable to specific user | Target only |
| No session token | No cross-request correlation | Target only |
| No IP logging | Client IP logged by load balancer for 7 days (security/abuse prevention only), then deleted. No long-term IP storage. | Target only |
Documented product target: stateless cloud enrichment without stable identifiers. The current workspace does not yet confirm the full request path or these infrastructure guarantees.
| Data Type | Redaction Method |
| --- | --- |
| PII (email, name, phone) | Replaced with placeholder tokens |
| Message content | Not included in any external telemetry |
| URLs | Transmitted as SHA-256 hashes; full URL stays local |
| IP addresses | Truncated to /24 (IPv4) or /48 (IPv6) |
Applies to: Cloud transmission and external delivery (webhooks, API). Local Event Store retains full unredacted data.
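An added example (not Superheld's Redaction Engine) that applies the four redaction rules above to one event before external delivery. The field names, placeholder tokens and regular expressions are assumptions, and the sample event is constructed.

```python
import hashlib
import ipaddress
import re

# Single combined pattern applied in one pass, so replaced text (e.g. the hex
# digits of a URL hash) is never rescanned as a phone number. Patterns are simple.
PII_RE = re.compile(
    r"(?P<url>https?://[^\s<>]+)"
    r"|(?P<email>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})"
    r"|(?P<phone>\+?\d[\d\s().-]{6,}\d)"
)

def hash_url(url: str) -> str:
    return hashlib.sha256(url.encode("utf-8")).hexdigest()  # no normalization assumed

def truncate_ip(value: str) -> str:
    addr = ipaddress.ip_address(value)
    prefix = 24 if addr.version == 4 else 48   # /24 for IPv4, /48 for IPv6
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def redact_text(text: str) -> str:
    def repl(m):
        if m.group("url"):
            return "sha256:" + hash_url(m.group("url"))
        return "<EMAIL>" if m.group("email") else "<PHONE>"
    return PII_RE.sub(repl, text)

def redact_event(event: dict) -> dict:
    out = {}   # new dict: the local, unredacted record is left untouched
    for key, value in event.items():
        if key == "message_body":
            continue  # message content is never delivered externally
        if key == "user_name":
            out[key] = "<NAME>"  # names are redacted by field, not by pattern
        elif key == "src_ip":
            out[key] = truncate_ip(value)
        elif key == "url":
            out["url_sha256"] = hash_url(value)
        else:
            out[key] = redact_text(value) if isinstance(value, str) else value
    return out

SAMPLE_EVENT = {  # constructed; field names are hypothetical
    "event_type": "phishing_link", "severity": 3, "user_name": "Alex Example",
    "src_ip": "198.51.100.77", "url": "https://login.example.test/reset?u=alex",
    "summary": "Mail from billing@example.test: call +49 30 1234567 or open https://pay.example.test/x",
    "message_body": "Dear Alex, ...",
}
```

Fields this example does not recognise pass through with pattern-based redaction only; an allow-list of deliverable fields fails closed instead.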
| Failure | Impact | Mitigation |
| --- | --- | --- |
| Encryption key unavailable | Cannot read/write Event Store | Agent enters safe mode. Events buffered in memory. |
| Secure enclave / keystore breach | Key material exposed | Defense-in-depth: per-event encryption, chain integrity verification. Key rotation on suspicion. |
| Accidental PII in telemetry | Privacy violation | Redaction Engine processes all events before external delivery. Automated PII scanning in CI. |
| Feature vector de-anonymization | Re-identification risk | Irreversible transformation + DP (if implemented). Formal analysis required. |