Scrub MetadataPrivacy First Compliance Platform

Security Architecture

Security Through Architecture,
Not Just Promises

100% client-side processing means your files never reach our servers. We can't breach what we don't have.

Verify it yourself: Open DevTools → Network tab → Process any file → Watch for uploads. You won't find any.

Zero-Upload Architecture

Files are processed entirely in your browser using WebAssembly and modern browser APIs.

What Stays Local

File contents (never transmitted)
Metadata during processing
Intermediate processing data
Output files (downloaded to your device)

What We Store (With Your Consent)

Account information
Compliance records (RoPA, DPIA, etc.)
Audit logs (actions, not file contents)
Processing statistics (anonymized)

25 Security Checkpoints

Defense-in-depth security across five categories.

Data Protection

100% client-side file processing
AES-256 encryption at rest
TLS 1.3 in transit
Zero file uploads
No server-side file storage

Access Control

Role-based access control (RBAC)
Multi-factor authentication
SAML 2.0 / OIDC SSO
JIT user provisioning
Session management

Audit & Compliance

SHA-256 hash-chained audit logs
Tamper-evident records
7-year log retention
SOC 2 Type II ready
ISO 27001 aligned

Infrastructure

99.9% uptime SLA
Circuit breakers
Rate limiting
DDoS protection
Geographic redundancy

Application Security

OWASP Top 10 protection
SQL injection prevention
XSS prevention
CSRF protection
Input validation

Legally Admissible Evidence

Cryptographic Audit Trail

Every action is cryptographically signed and hash-chained. Court-admissible proof of metadata removal.

🔐How It Works

SHA-256 Hash of Original File

Unique fingerprint before processing

SHA-256 Hash of Cleaned File

Unique fingerprint after processing

ECDSA P-256 Digital Signature

Cryptographic proof of authenticity

Hash-Chained Log Entries

Tamper-evident sequential records

// Cryptographic Certificate

{

"timestamp": "2026-02-06T14:32:00Z",

"operation": "METADATA_REMOVAL",

"original_hash": "sha256:a7f3b2...",

"cleaned_hash": "sha256:c9d4e1...",

"fields_removed": [

"GPS_Latitude",

"GPS_Longitude",

"Author"

"signature": "ECDSA-P256:MEU...",

"prev_hash": "sha256:b8e2f1..."

}

✓ Tamper-evident • ✓ Hash-chained • ✓ Court-admissible

⚖️

Legal Evidence

Court-admissible proof that specific metadata was removed at specific times.

🔗

Tamper-Evident

Hash-chaining ensures any modification to historical records is immediately detectable.

📜

7-Year Retention

Audit logs retained for 7 years per regulatory requirements. Full export available.

Compliance Framework Coverage

🔒

SOC 2 Type II

Automated evidence collection and control testing

🏛️

ISO 27001

Information security management aligned

🏥

HIPAA

PHI never uploaded, BAA available on request

🇪🇺

GDPR

Article 32 technical measures implemented

💳

PCI DSS

No cardholder data processed or stored

🏢

NIST CSF

Cybersecurity framework controls mapped

Questions about our security architecture?

Request our security documentation or schedule a technical review.

Security Through Architecture,Not Just Promises