Security Policy

Effective date: February 2026

Design principles

• Offline by default. The software makes no network connections. It reads and writes only the files you explicitly point it at.
• No telemetry. No usage data, crash reports, or analytics are collected or transmitted.
• Local-only. All processing happens on your machine. No data leaves your environment.
• Deterministic. Same inputs produce the same outputs, every time.

What it does not do

• Does not connect to the internet
• Does not access databases or cloud services
• Does not modify files outside the specified output paths
• Does not collect or transmit personal information

Verification

Release zips include SHA-256 checksums in RELEASE_MANIFEST.json. You can verify the integrity of downloaded files against these checksums. See SECURITY.md in the download for step-by-step verification instructions.

Responsible disclosure

If you discover a security issue in any product distributed through alexkphd.com, please report it to support@alexkphd.com with the subject line "Security Report".

Reports will be acknowledged within 5 business days. Confirmed issues will be addressed in the next release.

Contact

support@alexkphd.com