Security model

Where data lives. What crosses the wire. What never does.

You drive your own AI

HISAB 360 does not run a hosted AI service and never resells tokens. It drives your own AI CLI — Anthropic's Claude Code or OpenAI's Codex — that you install and sign in to with your own account. Your AI usage is billed to you directly by Anthropic or OpenAI; HISAB is never in the middle of that billing or that data path.

That means the only network calls HISAB makes on your behalf are the ones you ask for: the AI calls your installed CLI makes to its provider, and any ERP/connector calls you run. There is no HISAB-operated inference backend that sees your workbook.

Principles

Data classification

"Sent over wire?" below means leaving your machine. The AI column goes to whichever provider you signed your CLI in to (Anthropic or OpenAI) — never to HISAB.

DataWhere it livesEncryptedSent over wire?
Your .xlsx workbookWherever you put itPer your OS settingsNever
Sheet context (per turn)Passed to your local AI CLITLS, CLI → providerTo your AI provider only
AI sign-in credentialsYour CLI's own files (e.g. ~/.claude.json)Per the CLITo your AI provider only
ERP credentialsOn your machine, under your Windows userDPAPI (per-user)To that ERP's API only, over TLS

The local MCP server

HISAB runs a small Model Context Protocol server inside Excel, on localhost. Your AI CLI connects to it; the MCP pill at the top of the chat tab goes from amber (server up, no client traffic yet) to green (a client is actively connected) to show the live link. The tools it exposes cover reading and writing ranges, writing formulas, running Python in the sandbox, listing and running skills, and the ERP connectors. For the exact tool names and inputs, see the MCP API reference.

Operating modes & approvals

Pick a mode from the chip in the chat breadcrumb (also in Settings):

When a write is queued for approval, it surfaces as a card you Approve or Reject; you can also choose "Approve for session" to stop being prompted for the rest of that chat session. See Approvals & safety for the full flow.

Licensing

Your HISAB account is licensed for your plan and validated with our server. The licence is verified securely — it can't be unlocked by editing local files or by pointing the add-in at a fake server.

Security disclosures: found a vulnerability? Please email support@hisab360.net.