Data Flow and Security
How data moves through Macro—and how it's protected.
Data Flow Architecture
User action → Privacy checks → Policy enforcement → Execution
Every action passes through security layers before execution.
Local-First Data Storage
Everything stored locally:
Cookies (per-profile jars)
Browsing history (if enabled)
Saved passwords (encrypted)
Private keys (zero-knowledge vault)
Processing happens in-memory only
Communication Data
E2EE message keys stored locally
Call history (metadata only, minimal)
Encrypted file cache (temporary)
Zero-Knowledge Vault
Secure local storage:
Keys derived from user password
Hardware-backed encryption when available (TPM, Secure Enclave)
Biometric unlock (optional)
Auto-lock after inactivity
No cloud backup (unless explicitly enabled by user)
Zero data collection:
No crash reports sent to external servers
Local-Only Crash Handling
Crash logs stored locally
User can optionally export for support
Never automatically transmitted
Network Data Flow
Privacy-preserving network architecture:
With VPN Enabled
User → Entry Node → Relay Nodes → Exit Node → Destination
Each hop encrypted separately
Exit node sees destination, not origin
Entry node sees origin, not destination
Without VPN
User → ISP → Destination
HTTPS encryption protects content
DNS over HTTPS prevents query snooping
Referrer stripping limits tracking
Transaction Data Flow
Signing Sandbox intercepts all wallet interactions:
Signing Sandbox intercepts
Translation engine decodes transaction
Policy engine checks rules
User shown plain English + risk level
If approved, signature executed
Transaction logged locally (audit trail)
No transaction data sent externally during this process.
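The decode, policy, prompt and audit-log steps above, sketched as an added example (not Macro's own code) and narrowed to ERC-20 `transfer`/`approve` calldata. The EVM transaction shape, the rule set, the allowlist and the `user_approves` callback are assumptions made for illustration.

```python
import json
import time

# ERC-20 selectors (first 4 calldata bytes). Assumption: EVM-style transactions.
SELECTORS = {"a9059cbb": "transfer", "095ea7b3": "approve"}
MAX_UINT256 = 2**256 - 1

def decode(tx):
    """Translation step: raw calldata -> structured call, or 'unknown'."""
    data = tx["data"].lower()
    data = data[2:] if data.startswith("0x") else data
    name = SELECTORS.get(data[:8])
    # Selector plus two 32-byte words, strict hex, 12 zero bytes padding the address.
    ok = (name is not None and len(data) == 136
          and set(data) <= set("0123456789abcdef") and data[8:32] == "0" * 24)
    if not ok:
        return {"call": "unknown", "contract": tx["to"]}
    return {"call": name, "contract": tx["to"],
            "party": "0x" + data[32:72], "amount": int(data[72:136], 16)}

def evaluate(call, allowlist):
    """Policy step (hypothetical rules): returns (risk, plain-English text)."""
    if call["call"] == "unknown":
        return "high", f"Unrecognized call to {call['contract']}; effect unknown"
    known = call["party"] in allowlist  # allowlist holds lowercase hex addresses
    if call["call"] == "approve":
        if call["amount"] == MAX_UINT256:
            return "high", f"Let {call['party']} spend ALL your tokens, with no limit"
        return ("low" if known else "medium",
                f"Let {call['party']} spend up to {call['amount']} token units")
    return ("low" if known else "medium",
            f"Send {call['amount']} token units to {call['party']}")

def review(tx, allowlist, user_approves, audit_log):
    """Decode, apply policy, prompt, log locally. True means signing may go ahead."""
    risk, summary = evaluate(decode(tx), allowlist)
    approved = bool(user_approves(summary, risk))
    audit_log.append(json.dumps({"ts": int(time.time()), "risk": risk,
                                 "summary": summary, "approved": approved}))
    return approved

# Constructed sample transactions (addresses are made-up byte patterns).
TOKEN, SPENDER = "0x" + "11" * 20, "0x" + "ab" * 20
UNLIMITED_APPROVE = {"to": TOKEN, "data": "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32}
SMALL_TRANSFER = {"to": TOKEN, "data": "0xa9059cbb" + "00" * 12 + "ab" * 20 + format(1000, "064x")}

if __name__ == "__main__":
    log = []
    for tx in (UNLIMITED_APPROVE, SMALL_TRANSFER):  # prompt stand-in: refuse high risk
        print(review(tx, {SPENDER}, lambda s, r: r != "high", log), log[-1])
```

Anything that does not decode cleanly is rated high risk rather than passed through, so a call the user cannot read is never presented as routine.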
Local processing only:
Page content analyzed locally
AI model processes on-device
AI sees page content but never transmits it.
Communication Data Flow
E2EE architecture:
User A → Encrypted → Signal Server (routing only) → Encrypted → User B
Minimal metadata (connection time only)
User A → Encrypted → Message Server (store-and-forward) → Encrypted → User B
Signal Protocol encryption
Server stores encrypted messages temporarily
No message content visible to server
User A → Encrypted → Temporary Storage → Encrypted → User B
Files encrypted before upload
Automatic deletion after retrieval
No server-side decryption possible
Update Security
Secure update mechanism:
Macro checks for updates (configurable frequency)
Update manifest downloaded
Signature verification (code signing)
Delta update downloaded (bandwidth efficient)
Code signing prevents tampered updates
HTTPS for update downloads
Rollback capability if update fails
What Macro protects against:
Website tracking (via fingerprint randomization, tracker blocking)
Wallet drainage (via Signing Sandbox)
Metadata leakage (via E2EE comms, Privacy Profiles)
Cross-site correlation (via cookie isolation)
Not Protected (by design)
User installing malware outside Macro
User sharing passwords/keys externally
Physical access to unlocked device
Security Best Practices
Recommended user practices:
Use strong master password for vault
Enable hardware wallet for large transactions
Keep OS and Macro updated
Use different profiles for different contexts
Enable kill switch for VPN on sensitive profiles
Review dApp permissions regularly
Local-first. Zero-knowledge. Encrypted end-to-end.