Security
Last updated: April 2026
Architecture
ComplianceGuard is designed with a zero-knowledge architecture: ComplianceGuard's servers never hold your data. Your compliance evidence, AWS credentials, and audit reports never leave your machine unless you explicitly choose to sync them. The desktop application stores all data in a local SQLite database, and that data is encrypted by the application itself before it is written to disk rather than relying on operating-system or disk encryption alone.
AWS Credential Handling
AWS credentials are encrypted at rest before they are written to the local database: the application derives a Fernet key with HKDF-SHA256 and uses that key to encrypt the credential material. The credentials are never transmitted to ComplianceGuard servers.
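The derivation described above, as an added example in Go using only the standard library (this is illustration code, not ComplianceGuard's own implementation): HKDF-SHA256 stretches input key material into a 32-byte Fernet key, and the Fernet token layout (AES-128-CBC with PKCS#7 padding, authenticated by HMAC-SHA256 over the whole token, with the MAC checked before anything is decrypted) is re-implemented so the round trip runs offline. The HKDF info label, the salt handling, the function names and the sample credential JSON are assumptions; the page does not say where the application's input key material comes from.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// hkdfSHA256 is RFC 5869 extract-then-expand with SHA-256, standard library only.
func hkdfSHA256(ikm, salt, info []byte, length int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil) // pseudorandom key from the extract step
	var okm, prev []byte
	for ctr := byte(1); len(okm) < length; ctr++ {
		h := hmac.New(sha256.New, prk)
		h.Write(prev)
		h.Write(info)
		h.Write([]byte{ctr})
		prev = h.Sum(nil)
		okm = append(okm, prev...)
	}
	return okm[:length]
}

// deriveFernetKey maps input key material to a Fernet key: 32 bytes (16 for HMAC,
// 16 for AES) in URL-safe base64. The info label is an assumption; it binds the
// key to one purpose so the same IKM cannot be reused for a different secret.
func deriveFernetKey(ikm, salt []byte) string {
	return base64.URLEncoding.EncodeToString(hkdfSHA256(ikm, salt, []byte("aws-credential-vault/v1"), 32))
}

// splitKey decodes a Fernet key into its signing half and encryption half.
func splitKey(key string) ([]byte, []byte, error) {
	raw, err := base64.URLEncoding.DecodeString(key)
	if err != nil || len(raw) != 32 { return nil, nil, errors.New("fernet: key must be 32 url-safe base64 bytes") }
	return raw[:16], raw[16:], nil
}

// fernetEncrypt builds a token: 0x80 | ts(8, big-endian) | iv(16) | AES-128-CBC/PKCS#7 | HMAC-SHA256(32).
func fernetEncrypt(key string, plaintext []byte, now time.Time) (string, error) {
	signKey, encKey, err := splitKey(key)
	if err != nil { return "", err }
	block, _ := aes.NewCipher(encKey) // 16-byte key, cannot fail
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { return "", err }
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	body := make([]byte, 9, 9+len(iv)+len(ct)+sha256.Size)
	body[0] = 0x80
	binary.BigEndian.PutUint64(body[1:9], uint64(now.Unix()))
	body = append(append(body, iv...), ct...)
	mac := hmac.New(sha256.New, signKey)
	mac.Write(body)
	return base64.URLEncoding.EncodeToString(mac.Sum(body)), nil
}

// fernetDecrypt verifies the MAC over the whole token before decrypting anything,
// so tampered or truncated tokens are rejected without a padding-oracle exposure.
func fernetDecrypt(key, token string) ([]byte, error) {
	signKey, encKey, err := splitKey(key)
	if err != nil { return nil, err }
	data, err := base64.URLEncoding.DecodeString(token)
	if err != nil || len(data) < 9+aes.BlockSize+sha256.Size || data[0] != 0x80 { return nil, errors.New("fernet: malformed token") }
	body, tag := data[:len(data)-sha256.Size], data[len(data)-sha256.Size:]
	mac := hmac.New(sha256.New, signKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { return nil, errors.New("fernet: invalid signature") }
	iv, ct := body[9:9+aes.BlockSize], body[9+aes.BlockSize:]
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 { return nil, errors.New("fernet: bad ciphertext length") }
	block, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) { return nil, errors.New("fernet: bad padding") }
	return pt[:len(pt)-pad], nil
}

func main() {
	// Constructed inputs; a real IKM would be a random secret held in the OS keychain.
	key := deriveFernetKey([]byte("constructed-keychain-secret"), []byte("constructed-per-install-salt"))
	tok, _ := fernetEncrypt(key, []byte(`{"aws_access_key_id":"AKIAIOSFODNN7EXAMPLE"}`), time.Now())
	pt, err := fernetDecrypt(key, tok)
	fmt.Println(string(pt), err)
}
```

HKDF adds no entropy; it only stretches and separates what it is given. If the input key material is a random secret held in the OS keychain, the local database is protected against anyone who copies the file; if it is a fixed value shipped in the binary, the encryption is obfuscation and anyone who can read the SQLite file can read the credentials. Checking hkdfSHA256 against the RFC 5869 test vectors is the quickest way to confirm it matches a library implementation.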
License Verification
Pro license verification uses Ed25519 signatures. Only the public key ships with the binary; the signing key never leaves ComplianceGuard. License validation is performed locally against that public key, so no network call is required to verify a valid license.
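The split described above, as an added example in Go using only the standard library (illustration code, not ComplianceGuard's license code): issueLicense runs on the vendor side and is the only place the private key exists, while verifyLicense runs inside the application with nothing but the embedded public key and the local clock. The page does not describe the license format, so the token layout (base64 payload, a dot, base64 signature), the JSON field names, the domain-separation prefix and the function names are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// License is the signed payload. Field names are an assumption for this example.
type License struct {
	Licensee string `json:"licensee"`
	Tier     string `json:"tier"`
	Expires  int64  `json:"expires"` // Unix seconds; bounds the lifetime of a leaked or resold token
}

// licenseContext is an assumed domain-separation prefix: a signature the same key
// makes for any other purpose can never be replayed as a license.
const licenseContext = "complianceguard-license-v1\x00"

// newKeyPair stands in for the vendor's one-time key generation.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// issueLicense runs on the vendor side; it is the only place the private key exists.
func issueLicense(priv ed25519.PrivateKey, lic License) (string, error) {
	payload, err := json.Marshal(lic)
	if err != nil {
		return "", err
	}
	sig := ed25519.Sign(priv, append([]byte(licenseContext), payload...))
	return base64.RawURLEncoding.EncodeToString(payload) + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// verifyLicense runs inside the app with only the embedded public key and the local clock.
func verifyLicense(pub ed25519.PublicKey, token string, now time.Time) (*License, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return nil, errors.New("license: malformed token")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, errors.New("license: bad payload encoding")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return nil, errors.New("license: bad signature encoding")
	}
	// Verify before parsing: untrusted bytes are not interpreted until they are authenticated.
	if !ed25519.Verify(pub, append([]byte(licenseContext), payload...), sig) {
		return nil, errors.New("license: signature invalid")
	}
	var lic License
	if err := json.Unmarshal(payload, &lic); err != nil {
		return nil, err
	}
	if now.Unix() > lic.Expires {
		return nil, errors.New("license: expired")
	}
	return &lic, nil
}

func main() {
	pub, priv := newKeyPair() // in production the public key is a constant compiled into the binary
	tok, _ := issueLicense(priv, License{Licensee: "Example Corp", Tier: "pro", Expires: time.Now().Add(365 * 24 * time.Hour).Unix()})
	lic, err := verifyLicense(pub, tok, time.Now())
	fmt.Printf("%+v %v\n", lic, err)
}
```

Two consequences of a purely local check are worth keeping in mind. A token stops working only when it expires or when a release ships a rotated public key; there is no revocation without a network call, so the expiry field is what bounds the damage from a leaked token. And because the source is open, the embedded public key is not a secret: the scheme's security rests on the private key never leaving the vendor, not on the verification code being hidden.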
Open Core
ComplianceGuard is open-core under the Business Source License 1.1 (BSL 1.1). The full source code is available to read at github.com/Egyan07/ComplianceGuard, so you can audit exactly what the application reads from your machine.
Responsible Disclosure
If you discover a security vulnerability in ComplianceGuard, please disclose it responsibly by emailing alexisegyan1232@gmail.com with the subject "Security Disclosure." We will respond within 72 hours. We do not currently offer a bug bounty programme but will credit researchers who report valid vulnerabilities.
Supported Versions
Only the latest release of ComplianceGuard receives security updates. We recommend always running the latest version available at github.com/Egyan07/ComplianceGuard/releases.