Security Whitepaper
Last updated: March 2026
1. The Sovereign Promise
BlueArkive is a 100% offline desktop application. All audio capture, transcription, intelligent summaries, and data storage happen entirely on your own computer. Nothing is ever sent to the cloud.
Core principle: Your meeting data never leaves your machine. You hold the only keys to your information.
2. Audio Privacy
Audio is captured directly from your computer's system and microphone. The sound is processed instantly in your computer's memory to generate transcripts and is never saved as an audio file. As soon as the words are transcribed, the audio data is permanently destroyed.
- Works natively with macOS permissions
- Requires explicit microphone access
- Audio is never saved, uploaded, or shared
- Audio data is discarded immediately after transcription
3. AI Models
BlueArkive uses two on-device AI models:
- Speech Recognition Engine — State-of-the-art speech-to-text transcription, running via a GPU-accelerated runtime on Apple Silicon
- Language Model — Note expansion and summarization, running via a local inference engine
Both models are downloaded securely during the onboarding process and stored locally in ~/Library/Application Support/BlueArkive/models/. Model files are verified using SHA-256 checksums before use. No inference requests are sent to any cloud API.
4. Data Storage & Encryption
All persistent data (meetings, transcripts, notes, entities) is stored in a local SQLite database within the app's sandboxed data directory.
- Encryption at rest: AES-256-GCM with authenticated encryption
- Key derivation: PBKDF2 with 100,000 iterations and per-user salt
- Secret storage: Encryption keys are stored in the macOS Keychain via the keytar library — never written to disk in plaintext
- Recovery: Users can generate a BIP39-compatible recovery phrase to restore access to encrypted data
5. Cloud Sync (Optional, Pro Only)
Pro users can optionally enable encrypted cloud sync for multi-device support. When enabled:
- All data is encrypted locally before upload using AES-256-GCM
- The cloud server receives only ciphertext — it cannot decrypt your data
- Local embeddings are generated before encryption to enable semantic search on ciphertext
- Conflict resolution uses CRDTs (Yjs) with vector clocks for deterministic merging
Zero-knowledge architecture: Even with full server access, BlueArkive cannot read your meetings. Decryption requires your local key, which never leaves your device.
6. Electron Security
- Context Isolation: Enabled — renderer process cannot access Node.js APIs
- Node Integration: Disabled — prevents XSS from executing system commands
- Content Security Policy: Restricts script sources, connection endpoints, and embedding
- IPC Channel Allowlists: Only whitelisted channels can send/receive data between processes
- Hardened Runtime: macOS hardened runtime enabled for notarization compatibility
7. Network Activity
BlueArkive makes zero network requests during normal recording and transcription. The only network activity occurs during:
- First launch: AI model downloads from our secure CDN (~500MB one-time)
- Auto-updates: Checks for new versions (configurable, can be disabled)
- Cloud sync (Pro, opt-in): Uploads encrypted data to sync server
There is no telemetry, no analytics, no crash reporting to external services, and no phoning home.
8. Vulnerability Disclosure
If you discover a security vulnerability in BlueArkive, please report it responsibly to security@bluearkive.com. We commit to acknowledging reports within 48 hours and providing a fix within 14 days for critical issues.