Data Flow & Security

How data moves through Macro—and how it's protected.


Data Flow Overview
Web Browsing Flow
Web3 Transaction Flow
Search Query Flow

Data Flow Architecture

User action → Privacy checks → Policy enforcement → Execution

Every action passes through security layers before execution.

Local-First Data Storage

Everything stored locally:

Profile Data

  • Cookies (per-profile jars)

  • Browsing history (if enabled)

  • Bookmarks

  • Saved passwords (encrypted)

  • Extension data (minimal)

Wallet Data

  • Private keys (zero-knowledge vault)

  • Transaction history

  • dApp permissions

  • Address book

AI Data

  • No query storage

  • No conversation logs

  • Processing happens in-memory only

  • Zero telemetry

Communication Data

  • E2EE message keys stored locally

  • Call history (metadata only, minimal)

  • Encrypted file cache (temporary)

Zero-Knowledge Vault

Secure local storage:

Encryption

  • AES-256-GCM encryption

  • Keys derived from user password

  • Hardware-backed encryption when available (TPM, Secure Enclave)

  • No plaintext storage

What's Stored

  • Wallet private keys

  • Seed phrases

  • Saved passwords

  • E2EE communication keys

Access Control

  • Master password required

  • Biometric unlock (optional)

  • Auto-lock after inactivity

  • No cloud backup (unless explicitly enabled by user)
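The Encryption list above, as an added example that is not Macro's code: one vault record sealed with AES-256-GCM under a key derived from the master password, with wrong-password and tampering handled at open time. The KDF (scrypt) and its parameters, the record layout, and the names `sealSecret` and `openSecret` are assumptions; the page names only the cipher and the password-derived key.

```javascript
// Added example, not Macro's code. Assumed: scrypt as the KDF, the record
// layout, and the names sealSecret/openSecret. Sample values are constructed.
const crypto = require('node:crypto');

// scrypt cost settings (assumed); 128 * N * r = 32 MiB, so maxmem is raised.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key from the master password and a per-record salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

// Encrypt one secret. The label is bound as AAD, so a stored record cannot
// be relabelled (e.g. as a different slot) without failing authentication.
function sealSecret(password, label, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit GCM nonce, fresh per record
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(label, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the derived key
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, label, salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(tag) };
}

// Decrypt a record; returns null when the password is wrong or any field
// (label, salt, iv, ct, tag) was altered, because the GCM tag check fails.
function openSecret(password, record) {
  let key;
  try {
    const raw = (field) => Buffer.from(record[field], 'base64');
    key = deriveKey(password, raw('salt'));
    const d = crypto.createDecipheriv('aes-256-gcm', key, raw('iv'), { authTagLength: 16 });
    d.setAAD(Buffer.from(record.label, 'utf8'));
    d.setAuthTag(raw('tag'));
    return Buffer.concat([d.update(raw('ct')), d.final()]).toString('utf8');
  } catch {
    return null;
  } finally {
    if (key) key.fill(0);
  }
}

// Constructed sample: what lands on disk contains no plaintext.
const demo = sealSecret('constructed master password', 'wallet/seed', 'constructed seed words');
console.log(JSON.stringify(demo));
```

Returning `null` for every failure keeps a wrong password indistinguishable from a modified record, which is the behaviour a vault wants at the unlock prompt.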

No Telemetry

Zero data collection:

Not Collected

  • Browsing history

  • Search queries

  • Usage analytics

  • Crash reports to external servers

  • Feature usage metrics

  • Performance telemetry

Local-Only Crash Handling

  • Crash logs stored locally

  • User can optionally export for support

  • Never automatically transmitted

Network Data Flow

Privacy-preserving network architecture:

With VPN Enabled

User → Entry Node → Relay Nodes → Exit Node → Destination

  • Each hop encrypted separately

  • No hop sees full path

  • Exit node sees destination, not origin

  • Entry node sees origin, not destination

Without VPN

User → ISP → Destination

  • HTTPS encryption protects content

  • DNS over HTTPS prevents query snooping

  • Referrer stripping limits tracking

Transaction Data Flow

Signing Sandbox intercepts all wallet interactions:

  1. dApp requests signature

  2. Signing Sandbox intercepts

  3. Translation engine decodes transaction

  4. Policy engine checks rules

  5. Risk assessment assigned

  6. User shown plain English + risk level

  7. User approves/rejects

  8. If approved, signature executed

  9. Transaction logged locally (audit trail)

No transaction data sent externally during this process.

AI Data Flow

Local processing only:

  1. User invokes AI on page

  2. Page content analyzed locally

  3. AI model processes on-device

  4. Response generated

  5. No external API calls

  6. No query logging

AI sees page content but never transmits it.

Communication Data Flow

E2EE architecture:

Calls

User A → Encrypted → Signal Server (routing only) → Encrypted → User B

  • End-to-end encryption

  • Server can't decrypt

  • No call content stored

  • Minimal metadata (connection time only)

Messages

User A → Encrypted → Message Server (store-and-forward) → Encrypted → User B

  • Signal Protocol encryption

  • Server stores encrypted messages temporarily

  • No message content visible to server

  • Forward secrecy

File Sharing

User A → Encrypted → Temporary Storage → Encrypted → User B

  • Files encrypted before upload

  • Automatic deletion after retrieval

  • No server-side decryption possible

Update Security

Secure update mechanism:

Update Process

  1. Macro checks for updates (configurable frequency)

  2. Update manifest downloaded

  3. Signature verification (code signing)

  4. Delta update downloaded (bandwidth efficient)

  5. Signature verified again

  6. Applied on restart

Protections

  • Code signing prevents tampered updates

  • HTTPS for update downloads

  • Checksum verification

  • Rollback capability if update fails

Threat Model

What Macro protects against:

Protected

  • ISP tracking (via VPN)

  • Website tracking (via fingerprint randomization, tracker blocking)

  • Wallet drainage (via Signing Sandbox)

  • Metadata leakage (via E2EE comms, Privacy Profiles)

  • Cross-site correlation (via cookie isolation)

Not Protected (by design)

  • User installing malware outside Macro

  • Compromised OS/hardware

  • User sharing passwords/keys externally

  • Physical access to unlocked device

Security Best Practices

Recommended user practices:

  • Use strong master password for vault

  • Enable hardware wallet for large transactions

  • Keep OS and Macro updated

  • Use different profiles for different contexts

  • Enable kill switch for VPN on sensitive profiles

  • Review dApp permissions regularly


Local-first. Zero-knowledge. Encrypted end-to-end.
