Security model
Where data lives. What crosses the wire. What never does.
You drive your own AI
HISAB 360 does not run a hosted AI service and never resells tokens. It drives your own AI CLI — Anthropic's Claude Code or OpenAI's Codex — that you install and sign in to with your own account. Your AI usage is billed to you directly by Anthropic or OpenAI; HISAB is never in the middle of that billing or that data path.
That means the only network calls HISAB makes on your behalf are the ones you ask for: the AI calls your installed CLI makes to its provider, and any ERP/connector calls you run. There is no HISAB-operated inference backend that sees your workbook.
Principles
- Workbook stays on your machine. The
.xlsxfile is never uploaded to HISAB. It lives wherever you saved it. - Minimum context. Only what the AI needs to answer goes to your AI CLI — sheet names, header rows, sample rows, the specific ranges you ask about — and from there to the provider you signed in to. Typically a few KB per chat turn.
- Encrypted credentials. ERP keys and OAuth tokens you save in HISAB are encrypted at rest with Windows DPAPI (CurrentUser scope), tied to your Windows user account. They cannot be decrypted by another user or on another machine. AI sign-in credentials are not held by HISAB at all — they live in the CLI's own credential files under your Windows user (for example
~/.claude.json). - Audited writes. Every cell HISAB writes is journaled, and Action/Plan/Automate keep writes reviewable and reversible.
- Local-only AI bridge. The link between your AI CLI and HISAB runs in-process on your own machine (localhost). It is never reachable from your network and never exposed to the internet.
Data classification
"Sent over wire?" below means leaving your machine. The AI column goes to whichever provider you signed your CLI in to (Anthropic or OpenAI) — never to HISAB.
| Data | Where it lives | Encrypted | Sent over wire? |
|---|---|---|---|
Your .xlsx workbook | Wherever you put it | Per your OS settings | Never |
| Sheet context (per turn) | Passed to your local AI CLI | TLS, CLI → provider | To your AI provider only |
| AI sign-in credentials | Your CLI's own files (e.g. ~/.claude.json) | Per the CLI | To your AI provider only |
| ERP credentials | On your machine, under your Windows user | DPAPI (per-user) | To that ERP's API only, over TLS |
The local MCP server
HISAB runs a small Model Context Protocol server inside Excel, on localhost. Your AI CLI connects to it; the MCP pill at the top of the chat tab goes from amber (server up, no client traffic yet) to green (a client is actively connected) to show the live link. The tools it exposes cover reading and writing ranges, writing formulas, running Python in the sandbox, listing and running skills, and the ERP connectors. For the exact tool names and inputs, see the MCP API reference.
Operating modes & approvals
Pick a mode from the chip in the chat breadcrumb (also in Settings):
- Ask Only — the AI can read and propose; write, format, and structure tools are blocked entirely. Good for production books during close.
- Action — the AI executes directly. The Approval setting (Ask each / Auto) controls whether each write or destructive tool call is queued for your explicit approval first.
- Plan — the AI builds a step-by-step plan and write tool calls wait for your approval before they run.
- Automate — hands-off for established, trusted workflows; writes are still journaled.
When a write is queued for approval, it surfaces as a card you Approve or Reject; you can also choose "Approve for session" to stop being prompted for the rest of that chat session. See Approvals & safety for the full flow.
Licensing
Your HISAB account is licensed for your plan and validated with our server. The licence is verified securely — it can't be unlocked by editing local files or by pointing the add-in at a fake server.
- Unlimited devices, one active session. Sign in on as many machines as you like; one session is active at a time. Signing in on another machine simply takes the session over, and the previous one returns to its login screen on its next check-in.
- Works briefly offline. A short offline grace window keeps you working without a connection, then re-checks with the server once you're back online.
- 15-day trial, once per machine. The free trial is tracked per machine, so reinstalling or clearing local files doesn't reset it.