Security Audit Report

How Lumi Protects Your Data

Lumi stores everything locally on your Mac. Your resume, notes, API keys, and sessions never leave your machine. This report details every security measure in the app.

Last audited: April 2026 — All critical and high-severity findings have been resolved. 328 automated tests verify security properties on every build.

Overview

Area	Protection	Status
API keys at rest	AES-256-GCM encryption, HKDF key derivation	Pass
Playbook documents	AES-256-GCM encrypted `.enc` files	Pass
File permissions	Owner-only (0600) on all encrypted files	Pass
License verification	URL-encoded POST, format-validated, HTTPS-only	Pass
Network transport	All API calls over TLS (HTTPS)	Pass
Update integrity	Ed25519 signed `.lumi` update files	Pass
Speech processing	8-layer anti-hallucination filter	Pass
Screen sharing	`sharingType = .none` on all windows	Pass
Data residency	Everything local — no cloud, no telemetry	Pass
Account required	None — no email, no signup	Pass

Encryption

How your data is encrypted

All sensitive data (API keys, playbook documents) is encrypted using AES-256-GCM — the same standard used by banks and governments.

Algorithm: AES-256-GCM (authenticated encryption)
Key derivation: HKDF-SHA256 with salt, derived from your machine's hardware UUID
Key scope: Tied to your physical Mac — files copied to another machine cannot be decrypted
File format: .enc binary files — plaintext is never written to disk
Permissions: 0600 (owner read/write only)

Verified by tests: We save a file, read the raw bytes, and confirm that plaintext content is NOT visible. Then we decrypt and verify the content matches. This runs on every build.

What is encrypted

Data	Location	Encrypted
OpenAI API key	`~/Library/Application Support/Lumi/.*.enc`	Yes
Anthropic API key	`~/Library/Application Support/Lumi/.*.enc`	Yes
License key	`~/Library/Application Support/Lumi/.*.enc`	Yes
Playbook documents	`~/Library/Application Support/Lumi/playbooks/*.enc`	Yes
Session data	`~/Library/Application Support/Lumi/sessions/*.json`	No (JSON)
User preferences	UserDefaults	No (non-sensitive)

Network Security

Lumi only makes network requests to three services — all over HTTPS:

Service	Purpose	Data sent
OpenAI API	Whisper transcription, GPT chat, GPT-4o vision	Audio chunks, text queries, screenshots
Anthropic API	Claude chat (optional)	Text queries only
Gumroad API	License key verification	Product ID + license key (URL-encoded)

No analytics: Lumi sends zero telemetry, tracking, or usage data
No cloud storage: Your documents, transcripts, and sessions are never uploaded
No account: No email, no signup, no user tracking
API data policy: OpenAI does not use API data for training (OpenAI policy)

License Verification

When you enter a license key, Lumi verifies it with Gumroad's API:

HTTPS-only — verification request sent over TLS
URL-encoded — parameters are properly encoded to prevent injection
Format-validated — license key must match alphanumeric + hyphens pattern before any network request
Stored encrypted — verified key saved via AES-256-GCM (same as API keys)

Screen Share Invisibility

Lumi uses macOS sharingType = .none — an OS-level API that excludes windows from all screen capture APIs. This is not a CSS hack or opacity trick.

All windows — overlay, region selector, performance view all use stealth
Verified in tests — automated tests confirm sharingType and window level properties
Works with: Teams, Google Meet, Zoom (window sharing mode)
Limitation: Zoom full-screen share may show the overlay (use window mode instead)

Speech Anti-Hallucination

Whisper (OpenAI's speech-to-text) can produce garbage output from silence, music, or cross-language audio. Lumi applies 8 layers of filtering:

Layer	What it catches
1. Energy gate	Silence — no API call if audio is below energy threshold
2. Speech confidence	`no_speech_prob > 0.95` — Whisper says it's not speech
3. Language mismatch	Requested English, Whisper detected Welsh — reject
4. Script detection	Vietnamese/CJK characters in English mode — reject
5. Pattern filter	"subscribe", prompt echoes, ALL CAPS, repetitive text
6. Cross-chunk dedup	Same phrase from different audio chunks — reject duplicate
7. Music loop	3+ consecutive identical outputs — suppress as music
8. Gibberish flood	4+ consecutive short disconnected phrases — suppress as noise

37 automated tests verify the filter catches silence, Welsh, Vietnamese garbage, repetitive text, music lyrics, prompt echoes, and gibberish — while allowing normal speech through.

Update Security

Ed25519 signatures — update files (.lumi) are cryptographically signed
Tamper detection — signature is verified before any update is applied
Version check — app checks lumidesk.app/version.json on launch for newer versions

What We Don't Do

We don't collect analytics or telemetry
We don't store your documents in the cloud
We don't require an account or email
We don't access your microphone unless you explicitly enable it
We don't send audio to any server other than OpenAI's Whisper API
We don't retain your data after you delete the app folder

How to Delete All Data

Remove the app and all stored data in one step:

rm -rf ~/Library/Application\ Support/Lumi/
rm -rf /Applications/Lumi.app

This removes all encrypted API keys, playbooks, sessions, and preferences. Nothing remains.

Audit Details

Finding	Severity	Status
License key URL encoding	Critical	Fixed
Key derivation (SHA256 → HKDF)	High	Fixed
File permissions (644 → 600)	Medium	Fixed
License key format validation	Medium	Fixed
Prompt echo hallucination	Medium	Fixed
Gibberish flood detection	Medium	Fixed
Legacy encryption migration	Medium	Fixed
Update signer public key	Low	Pending (pre-release)
API keys in memory	Low	Accepted (desktop app risk model)
Certificate pinning	Low	Accepted (HTTPS sufficient)

Responsible disclosure: If you find a security issue, please email kien.15@gmail.com.