Security & Privacy Whitepaper
A technical breakdown of the Mojodocs Local-First Architecture, outlining how we achieve data sovereignty, zero-knowledge processing, and threat mitigation.
# Executive Summary
Mojodocs operates on a "Local-First" paradigm. Unlike traditional SaaS applications where data is transmitted to a remote server for processing, Mojodocs delivers the processing engine (WebAssembly) to the user's device. This inversion of control ensures that sensitive user data never leaves the user's physical hardware, rendering remote data breaches technically impossible.
# System Architecture
The application is architected as a static Progressive Web App (PWA). It is served via a Content Delivery Network (CDN) but executes entirely within the client's browser sandbox.
We utilize WebAssembly (WASM) binaries compiled from high-performance C++/Rust libraries (e.g., FFmpeg, ImageMagick, Ghostscript). These binaries are downloaded once and cached. When a user selects a file, the browser passes a reference to the file directly to the WASM module within the browser's memory heap.
# Proof of No-Upload (Verification)
We believe trust should be verifiable. Any user can audit the network traffic of Mojodocs to verify that no file data is being transmitted.
- Open Mojodocs in Chrome/Firefox.
- Open Developer Tools (F12 or Cmd+Opt+I).
- Navigate to the Network tab.
- Disconnect your WiFi/Internet (Optional, to prove offline capability).
- Drag and drop a file into any tool (e.g., PDF Merger).
- Observe the Network tab.
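
One way to make the manual check above repeatable, as an added example (not Mojodocs code): after dropping a file, export the Network tab as a HAR file and flag every request that could have carried the file off the device. The function name `auditHar`, the hosts, and the sample capture are constructed for illustration.

```javascript
// Added example: audit a HAR export from the DevTools Network tab for
// requests that could carry file contents off the device.
const BODY_METHODS = new Set(["POST", "PUT", "PATCH"]);

function auditHar(har, appOrigin, fileSizeBytes) {
  const findings = [];
  for (const { request: req } of har.log.entries) {
    const url = new URL(req.url);
    // blob: and data: URLs are resolved inside the browser, not on the network.
    if (url.protocol === "blob:" || url.protocol === "data:") continue;

    // HAR 1.2 records bodySize as -1 when unknown; fall back to captured text.
    const declared = req.bodySize > 0 ? req.bodySize : 0;
    const captured = req.postData && req.postData.text ? req.postData.text.length : 0;
    const bodyBytes = Math.max(declared, captured);

    let reason = null;
    if (url.protocol === "ws:" || url.protocol === "wss:") {
      reason = "websocket opened";
    } else if (BODY_METHODS.has(req.method) && bodyBytes >= fileSizeBytes) {
      reason = "request body as large as the file";
    } else if (BODY_METHODS.has(req.method) && bodyBytes > 0) {
      reason = "request body present";
    } else if (url.origin !== appOrigin) {
      reason = "request to another origin";
    }
    if (reason) findings.push({ url: req.url, bytes: bodyBytes, reason });
  }
  return findings;
}

// Constructed sample capture (hypothetical hosts, not real Mojodocs traffic).
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://app.example/wasm/engine.wasm", bodySize: 0 } },
  { request: { method: "GET", url: "blob:https://app.example/5f1c", bodySize: 0 } },
  { request: { method: "POST", url: "https://app.example/api/convert", bodySize: 734003 } },
  { request: { method: "POST", url: "https://collector.example/e", bodySize: -1,
               postData: { mimeType: "application/json", text: "{\"event\":\"merge\"}" } } },
  { request: { method: "GET", url: "https://cdn.example/font.woff2", bodySize: 0 } },
] } };

console.log(auditHar(SAMPLE_HAR, "https://app.example", 734003));
```

A HAR export only contains traffic recorded while DevTools was open, so open the Network tab before loading the page and keep "Preserve log" enabled across the file drop.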
# Threat Model & Mitigations
| Threat Vector | Risk Analysis & Mitigation |
|---|---|
| Man-in-the-Middle (MITM) | Risk: Interception of data in transit. Mitigation: Since files are not transmitted, there is no transit to intercept. The application code itself is delivered via HTTPS (TLS 1.3) with HSTS enabled. |
| Server Breach | Risk: Attacker gains access to backend database. Mitigation: Mojodocs has no database. We do not store user files, accounts, or logs. A compromise of our hosting provider (CDN) would only affect the static assets, not user data. |
| Cross-Site Scripting (XSS) | Risk: Malicious script injection. Mitigation: Strict Content Security Policy (CSP). No third-party ad networks. WASM runs in a separate memory space. |
# Data Lifecycle & Encryption
Data processed by Mojodocs follows an ephemeral lifecycle.
- The file is read into a browser Blob or ArrayBuffer. It resides in the device's Random Access Memory (RAM).
- The WASM engine processes the buffer in a sandboxed memory heap. The browser's security model prevents access to other system files.
- Upon closing the tab or refreshing the page, the browser's garbage collector frees the memory allocation. The data is irretrievably lost.