Security
Privacy isn't a feature. It's the architecture.
Local-first by default. End-to-end encrypted by design. Open source so you do not have to take our word for it.
Where your data lives
Stays on your machine, always
- · Chat history
- · Local files in your workspace
- · Voice transcripts
- · Wallet seed (BIP-39, never transmitted)
- · Local model weights and inference
Crosses to the network only when you ask
- · Tier 2 inference requests (encrypted in transit)
- · Files you choose to replicate (encrypted before leaving disk)
- · Public-vault publications (you decide what is public)
How encryption works
At rest
AES-256-GCM. Vault keys derived from your local passphrase via a memory-hard KDF. Two DIOs with different passphrases cannot read each other's bytes — even on the same disk.
In transit
libsodium-backed sealed boxes between peers. No protocol downgrade.
On the network
Replicated files are split, encrypted, and distributed. Hosters serve ciphertext only; the keys never leave your DIO.
Wallet security
One BIP-39 mnemonic. Domain-separated derivation: secp256k1 for Bitcoin compatibility, Ed25519 for AVADIOS chain transactions. The two keypairs share no bytes. Sign in your DIO; the seed never touches the network.
Prompt-injection defense
Files dropped into the Library are untrusted input. DIO summarizes them through a quarantined sanitizer with a hardened system prompt, validates the output against a strict schema, and tags the content as data-not-instruction whenever a model sees it. Layered defenses so one miss doesn't poison the agent.
Auditability
Every visible action DIO takes is logged in a BLAKE3 hash-chained journal. Each entry references the previous one's hash; tampering breaks the chain.
The full source is open. Builds are reproducible. Release binaries publish SHA256 checksums alongside signing keys.
Report a vulnerability
Email security@avadios.com. We respond within 72 hours. Coordinated disclosure preferred.