Security model

Where data lives. What crosses the wire. What never does.

Principles

Workbook stays on your machine. The .xlsx file is never uploaded. Period.
Minimum context. Only what the AI needs to answer goes over the wire — sheet names, header rows, sample rows, the specific ranges you ask about. Typically a few KB per chat turn.
Encrypted credentials. ERP keys and OAuth refresh tokens are encrypted at rest with Windows DPAPI, tied to your Windows user account. Cannot be decrypted by another user or on another machine.
Audited writes. Every cell HISAB writes is logged with before/after values, timestamp, user, and the chat turn that triggered it.
Local-only MCP. The Model Context Protocol server binds to 127.0.0.1 only — never reachable from your LAN, never exposed to the internet.

Data	Where it lives	Encrypted	Sent over wire?
Your `.xlsx` workbook	Wherever you put it	Per your OS settings	Never
Sheet context (per turn)	RAM only	TLS to AI provider	Yes — to AI only
Chat history	`%APPDATA%\HISAB\chats\`	NTFS permissions	No
Audit log	`%APPDATA%\HISAB\audit.db`	NTFS permissions	No
ERP credentials	`%APPDATA%\HISAB\credentials.dat`	DPAPI (per-user)	To ERP API only, over TLS
Skill code (yours)	`%APPDATA%\HISAB\skills\`	NTFS permissions	No
MCP bearer token	`%APPDATA%\HISAB\mcp-token.txt`	DPAPI (per-user)	Localhost only

Set in Settings → Operating mode:

Strict — AI can read and propose; you approve every write. Suitable for production books during close.
Default — Reads run freely; non-destructive writes auto-execute; destructive writes (deletes, ERP pushes) need approval. Good for daily use.
Auto — Everything executes, but every write is still journaled. Use only when you trust the workflow (e.g. running an established skill).

Security disclosures: email security@hisab360.com. PGP key on our security page.