# Data Flow & Security

## <mark style="color:purple;">Data Flow and Security</mark>

How data moves through Macro—and how it's protected.

***

![Data Flow Overview](https://content.gitbook.com/content/12iOS9xiOBrGJgaaBtCR/blobs/644oaIlwRJeB2X7b1ptM/Screenshot_6.png)

![Web Browsing Flow](https://content.gitbook.com/content/12iOS9xiOBrGJgaaBtCR/blobs/eTP3hM1EhrpF80OZr5oC/Screenshot_7.png)

![Web3 Transaction Flow](https://content.gitbook.com/content/12iOS9xiOBrGJgaaBtCR/blobs/m0UkM5BrvuFDeCqJEYW6/Screenshot_8.png)

![Search Query Flow](https://content.gitbook.com/content/12iOS9xiOBrGJgaaBtCR/blobs/2vduBmSow9vDCpu2pPOA/Screenshot_9.png)

### <mark style="color:purple;">Data Flow Architecture</mark>

**User action → Privacy checks → Policy enforcement → Execution**

Every action passes through security layers before execution.

### <mark style="color:purple;">Local-First Data Storage</mark>

**Everything stored locally:**

#### Profile Data

* Cookies (per-profile jars)
* Browsing history (if enabled)
* Bookmarks
* Saved passwords (encrypted)
* Extension data (minimal)

#### Wallet Data

* Private keys (zero-knowledge vault)
* Transaction history
* dApp permissions
* Address book

#### AI Data

* No query storage
* No conversation logs
* Processing happens in-memory only
* Zero telemetry

#### Communication Data

* E2EE message keys stored locally
* Call history (metadata only, minimal)
* Encrypted file cache (temporary)

### <mark style="color:purple;">Zero-Knowledge Vault</mark>

**Secure local storage:**

#### Encryption

* AES-256-GCM encryption
* Keys derived from user password
* Hardware-backed encryption when available (TPM, Secure Enclave)
* No plaintext storage

#### What's Stored

* Wallet private keys
* Seed phrases
* Saved passwords
* E2EE communication keys

#### Access Control

* Master password required
* Biometric unlock (optional)
* Auto-lock after inactivity
* No cloud backup (unless explicitly enabled by user)
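
As an added worked example (not Macro's own code), the following Go program shows the password-to-AES-256-GCM path the lists above describe: a per-record random salt, a key derived from the master password, and authenticated encryption so that a wrong password and a tampered record are both rejected. PBKDF2-HMAC-SHA256 is used here only because it can be written with the standard library; the function names, the parameters and the record layout are assumptions, and the hardware-backed (TPM / Secure Enclave) path is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Parameters chosen for this example; a production vault would use a memory-hard
// KDF (Argon2id or scrypt) with a work factor tuned to the device.
const (
	saltLen   = 16
	nonceLen  = 12 // standard GCM nonce size
	keyLen    = 32 // AES-256
	kdfRounds = 100_000
)

// VaultRecord is the stored form. None of its fields is secret, and none is
// usable without the password; the GCM tag is carried inside Ciphertext.
type VaultRecord struct {
	Salt, Nonce, Ciphertext []byte
}

// pbkdf2SHA256 is a minimal PBKDF2-HMAC-SHA256 (RFC 8018), included so the file
// needs only the standard library.
func pbkdf2SHA256(password, salt []byte, rounds, length int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < length; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < rounds; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:length]
}

// newAEAD derives the AES-256 key from the password and salt and wraps it in GCM.
func newAEAD(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(password), salt, kdfRounds, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one secret. A fresh salt and nonce are drawn per record, and the
// salt is bound into the GCM tag as associated data so that swapping it is detected.
func Seal(password string, secret []byte) (VaultRecord, error) {
	buf := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(buf); err != nil {
		return VaultRecord{}, err
	}
	salt, nonce := buf[:saltLen], buf[saltLen:]
	aead, err := newAEAD(password, salt)
	if err != nil {
		return VaultRecord{}, err
	}
	return VaultRecord{Salt: salt, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, secret, salt)}, nil
}

// Open returns the plaintext, or one generic error for both a wrong password and a
// modified record: GCM authentication fails the same way in either case.
func Open(password string, rec VaultRecord) ([]byte, error) {
	aead, err := newAEAD(password, rec.Salt)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, rec.Nonce, rec.Ciphertext, rec.Salt)
	if err != nil {
		return nil, errors.New("vault: wrong password or tampered record")
	}
	return pt, nil
}

func main() {
	rec, err := Seal("correct horse battery staple", []byte("constructed seed phrase")) // constructed sample secret
	if err != nil {
		panic(err)
	}
	pt, err := Open("correct horse battery staple", rec)
	fmt.Printf("correct password: %q %v\n", pt, err)
	_, err = Open("wrong password", rec)
	fmt.Println("wrong password:", err)
}
```

The point to notice is that the record on disk contains nothing the password is not needed for, and that `Open` cannot distinguish a wrong password from a modified ciphertext: both are just an authentication failure, which is the property the "no plaintext storage" item relies on.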

### <mark style="color:purple;">No Telemetry</mark>

**Zero data collection:**

#### Not Collected

* Browsing history
* Search queries
* Usage analytics
* Crash reports to external servers
* Feature usage metrics
* Performance telemetry

#### Local-Only Crash Handling

* Crash logs stored locally
* User can optionally export for support
* Never automatically transmitted

### <mark style="color:purple;">Network Data Flow</mark>

**Privacy-preserving network architecture:**

#### With VPN Enabled

User → Entry Node → Relay Nodes → Exit Node → Destination

* Each hop encrypted separately
* No hop sees full path
* Exit node sees destination, not origin
* Entry node sees origin, not destination

#### Without VPN

User → ISP → Destination

* HTTPS encryption protects content
* DNS over HTTPS prevents query snooping
* Referrer stripping limits tracking

### <mark style="color:purple;">Transaction Data Flow</mark>

**Signing Sandbox intercepts all wallet interactions:**

1. dApp requests signature
2. Signing Sandbox intercepts
3. Translation engine decodes transaction
4. Policy engine checks rules
5. Risk assessment assigned
6. User is shown a plain-English summary and a risk level
7. User approves/rejects
8. If approved, signature executed
9. Transaction logged locally (audit trail)

No transaction data is sent externally during this process.
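
The nine steps above, as an added example in Go that is not Macro's code: a small translation engine that decodes the two ERC-20 calls involved in most wallet-draining approvals (`approve` and `transfer`), and a policy engine that turns the decoded call into a plain-English summary and a risk level for the user prompt. The `Policy` rules, the `Risk` levels and the calldata are constructed for the example; only the two function selectors are the standard ERC-20 values.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

type Risk int

const (
	RiskLow Risk = iota
	RiskMedium
	RiskHigh
)

func (r Risk) String() string { return [...]string{"LOW", "MEDIUM", "HIGH"}[r] }

// ERC-20 selectors: the first four bytes of keccak256 of the function signature.
var methods = map[string]string{"095ea7b3": "approve", "a9059cbb": "transfer"}
var maxUint256 = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1))

// Decoded is the translation engine's output.
type Decoded struct {
	Method string   // "approve", "transfer" or "unknown"
	Target string   // spender (approve) or recipient (transfer), 0x-prefixed, lower-case
	Amount *big.Int // raw token units
}

func Decode(calldataHex string) (Decoded, error) {
	data, err := hex.DecodeString(strings.TrimPrefix(calldataHex, "0x"))
	if err != nil || len(data) < 4 {
		return Decoded{}, errors.New("calldata is not valid hex or is shorter than a selector")
	}
	method, known := methods[hex.EncodeToString(data[:4])]
	if !known {
		return Decoded{Method: "unknown", Amount: new(big.Int)}, nil
	}
	if len(data) != 4+2*32 {
		return Decoded{}, errors.New("unexpected calldata length for a two-argument call")
	}
	// Each ABI argument is a 32-byte word; an address is right-aligned, so it starts at offset 12.
	return Decoded{Method: method, Target: "0x" + hex.EncodeToString(data[16:36]), Amount: new(big.Int).SetBytes(data[36:68])}, nil
}

// Verdict is what the user sees before approving or rejecting.
type Verdict struct {
	Summary string
	Risk    Risk
	Reasons []string
}

func (v *Verdict) flag(r Risk, why string) {
	if r > v.Risk {
		v.Risk = r
	}
	v.Reasons = append(v.Reasons, why)
}

// Policy holds the hypothetical per-profile rules the engine checks.
type Policy struct {
	TrustedSpenders map[string]bool // addresses the user has granted dApp permissions to
	LargeTransfer   *big.Int        // transfers above this amount get a MEDIUM flag
}

// Evaluate applies the rules and writes the plain-English summary.
func (p Policy) Evaluate(d Decoded) Verdict {
	v := Verdict{Risk: RiskLow}
	switch d.Method {
	case "approve":
		amount := d.Amount.String() + " raw token units"
		if d.Amount.Cmp(maxUint256) == 0 {
			amount = "an UNLIMITED amount"
			v.flag(RiskHigh, "unlimited approval: the spender can move your entire balance at any time")
		}
		v.Summary = fmt.Sprintf("Allow %s to spend %s of your tokens", d.Target, amount)
		if !p.TrustedSpenders[strings.ToLower(d.Target)] {
			v.flag(RiskMedium, "spender is not in your dApp permission list")
		}
	case "transfer":
		v.Summary = fmt.Sprintf("Send %s raw token units to %s", d.Amount.String(), d.Target)
		if p.LargeTransfer != nil && d.Amount.Cmp(p.LargeTransfer) > 0 {
			v.flag(RiskMedium, "amount exceeds your large-transfer threshold")
		}
	default:
		v.Summary = "Call an unrecognised contract function"
		v.flag(RiskHigh, "calldata could not be translated; inspect the raw hex before signing")
	}
	return v
}

func main() {
	// Constructed calldata: approve(0x11…11, 2^256-1), the classic unlimited allowance.
	d, _ := Decode("0x095ea7b3" + strings.Repeat("0", 24) + strings.Repeat("11", 20) + strings.Repeat("ff", 32))
	fmt.Printf("%+v\n", Policy{}.Evaluate(d))
}
```

Two design choices carry the security value: an unrecognised selector is treated as high risk rather than silently passed through, and an unlimited allowance stays high risk even for a spender on the user's permission list, because the allowance outlives the dApp session that requested it.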

### <mark style="color:purple;">AI Data Flow</mark>

**Local processing only:**

1. User invokes AI on page
2. Page content analyzed locally
3. AI model processes on-device
4. Response generated
5. No external API calls
6. No query logging

AI sees page content but never transmits it.

### <mark style="color:purple;">Communication Data Flow</mark>

**E2EE architecture:**

#### Calls

User A → Encrypted → Signal Server (routing only) → Encrypted → User B

* End-to-end encryption
* Server can't decrypt
* No call content stored
* Minimal metadata (connection time only)

#### Messages

User A → Encrypted → Message Server (store-and-forward) → Encrypted → User B

* Signal Protocol encryption
* Server stores encrypted messages temporarily
* No message content visible to server
* Forward secrecy

#### File Sharing

User A → Encrypted → Temporary Storage → Encrypted → User B

* Files encrypted before upload
* Automatic deletion after retrieval
* No server-side decryption possible

### <mark style="color:purple;">Update Security</mark>

**Secure update mechanism:**

#### Update Process

1. Macro checks for updates (configurable frequency)
2. Update manifest downloaded
3. Signature verification (code signing)
4. Delta update downloaded (bandwidth efficient)
5. Signature verified again
6. Applied on restart

#### Protections

* Code signing prevents tampered updates
* HTTPS for update downloads
* Checksum verification
* Rollback capability if update fails
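
As an added example (not Macro's updater), this Go program models steps 2 to 5 of the update process with Ed25519 and SHA-256: the publisher signs a manifest that carries the delta's hash and size, and the client verifies the manifest against a pinned public key before it trusts anything in it, then verifies the downloaded delta against the signed hash. The type names, the JSON manifest layout and the key pair are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one update. The publisher signs its JSON encoding, so the
// delta's hash and size are covered by the signature, not just the version string.
type Manifest struct {
	Version     string `json:"version"`
	DeltaSHA256 []byte `json:"delta_sha256"`
	DeltaSize   int    `json:"delta_size"`
}

type SignedManifest struct {
	Manifest  Manifest
	Signature []byte
}

// NewManifest is the publisher-side step: hash the delta and record its size.
func NewManifest(version string, delta []byte) Manifest {
	sum := sha256.Sum256(delta)
	return Manifest{Version: version, DeltaSHA256: sum[:], DeltaSize: len(delta)}
}

// SignManifest would run on the publisher's signing infrastructure, not on clients.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	msg, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: m, Signature: ed25519.Sign(priv, msg)}, nil
}

// VerifyManifest (step 3) checks the manifest against the publisher key pinned in
// the client before any field of the manifest is trusted.
func VerifyManifest(pinned ed25519.PublicKey, sm SignedManifest) error {
	msg, err := json.Marshal(sm.Manifest)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pinned, msg, sm.Signature) {
		return errors.New("update: manifest signature does not verify against the pinned key")
	}
	return nil
}

// VerifyDelta (step 5) binds the downloaded bytes to the signed manifest. HTTPS
// protects the download in transit; this check is what ties the bytes to the signature.
func VerifyDelta(m Manifest, delta []byte) error {
	if len(delta) != m.DeltaSize {
		return errors.New("update: delta size mismatch")
	}
	sum := sha256.Sum256(delta)
	if !bytes.Equal(sum[:], m.DeltaSHA256) {
		return errors.New("update: delta checksum mismatch")
	}
	return nil
}

// StageUpdate is the client pipeline: both checks must pass before the delta is
// handed to the installer, and any failure leaves the running version untouched.
func StageUpdate(pinned ed25519.PublicKey, sm SignedManifest, delta []byte) ([]byte, error) {
	if err := VerifyManifest(pinned, sm); err != nil {
		return nil, err
	}
	if err := VerifyDelta(sm.Manifest, delta); err != nil {
		return nil, err
	}
	return delta, nil
}

func main() {
	// Constructed publisher key pair and delta payload for the demo.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	delta := []byte("constructed delta payload")
	sm, err := SignManifest(priv, NewManifest("1.2.3", delta))
	if err != nil {
		panic(err)
	}
	_, err = StageUpdate(pub, sm, delta)
	fmt.Println("genuine update:", err)
	_, err = StageUpdate(pub, sm, append([]byte("x"), delta...))
	fmt.Println("tampered delta:", err)
}
```

The ordering matters: the delta hash is only meaningful once the manifest signature has been checked, which is why `StageUpdate` never looks at the delta before `VerifyManifest` succeeds. Comparing the manifest's version against the installed one (to refuse a signed but older update) is a separate check the example does not show.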

### <mark style="color:purple;">Threat Model</mark>

**What Macro protects against:**

#### Protected

* ISP tracking (via VPN)
* Website tracking (via fingerprint randomization, tracker blocking)
* Wallet drainage (via Signing Sandbox)
* Metadata leakage (via E2EE comms, Privacy Profiles)
* Cross-site correlation (via cookie isolation)

#### Not Protected (by design)

* User installing malware outside Macro
* Compromised OS/hardware
* User sharing passwords/keys externally
* Physical access to unlocked device

### <mark style="color:purple;">Security Best Practices</mark>

**Recommended user practices:**

* Use a strong master password for the vault
* Enable a hardware wallet for large transactions
* Keep the OS and Macro updated
* Use different profiles for different contexts
* Enable the VPN kill switch on sensitive profiles
* Review dApp permissions regularly

***

Local-first. Zero-knowledge. Encrypted end-to-end.
