Security Policy

Last Updated: February 15, 2026

At SAT-CHAIN LLC, security is fundamental to LISA Core. This document outlines our security practices, architecture, and your responsibilities when using our Service.

            Key Security Principle: The LISA Core Chrome Extension processes ALL conversation compression 100% locally in your browser. Your conversation data never leaves your device unless you explicitly choose to sync with the Web Application.
        

1. Architecture Overview

LISA Core is designed with a privacy-first architecture that minimizes data exposure:

Chrome Extension: Runs entirely in your browser. All parsing, compression, and hash generation occur locally.
Local Storage: Snapshots are stored in Chrome's local storage API, remaining on your device.
Web Application (Optional): Cloud synchronization is opt-in. Data is only transmitted when you explicitly choose to sync.

2. Chrome Extension Security

2.1 Local Processing

All semantic compression algorithms run entirely in your browser
Conversation parsing occurs locally without server communication
SHA-256 hash generation is performed client-side
No conversation data is transmitted during normal operation
License validation requires only your license key, not your data

2.2 Permissions

LISA Core requests only the minimum permissions necessary to function:

activeTab: To read conversations from the current AI chat tab when you initiate an export
storage: To save your snapshots and preferences locally in Chrome
downloads: To save JSON files to your computer when you choose to export

We do not request permissions for browsing history, bookmarks, or access to all websites.

2.3 Code Integrity

Extension is published on the official Chrome Web Store and subject to Google's review process
Built using Chrome's Manifest V3, the latest and most secure extension standard
No remote code execution or external script loading
No eval() or similar dynamic code execution

2.4 Supported Platforms

LISA Core only activates on specific AI platform domains:

claude.ai (Anthropic Claude)
chatgpt.com (OpenAI ChatGPT)
gemini.google.com (Google Gemini)
grok.com (xAI Grok)
chat.mistral.ai (Mistral AI)
chat.deepseek.com (DeepSeek)
copilot.microsoft.com (Microsoft Copilot)
perplexity.ai (Perplexity)

3. Web Application Security

3.1 Data Transmission

All data transmission uses HTTPS/TLS 1.3 encryption
API endpoints are secured with authentication tokens
License keys are validated on every request
No sensitive data is transmitted in URL parameters

3.2 Data Storage

Web Application hosted on Railway's secure infrastructure
Database access restricted to authenticated services only
Regular security updates and patches applied
Data encrypted at rest

3.3 Payment Security

All payments processed by Stripe, a PCI-DSS Level 1 certified provider
SAT-CHAIN LLC never stores, processes, or has access to credit card numbers
Payment tokens are handled entirely by Stripe's secure infrastructure

4. Cryptographic Security

4.1 LISA Hash

Our cryptographic verification system provides data integrity assurance:

Algorithm: SHA-256 (256-bit cryptographic hash function)
Processing: Hash computed locally in your browser
Purpose: Verify conversation integrity and detect tampering
Verification: Any modification to the data changes the hash

4.2 Hash Chain Integrity

Each snapshot cryptographically links to its predecessor
Creates an unbroken chain of custody for version history
Blockchain-inspired integrity verification
Tamper-evident: breaking the chain is immediately detectable

4.3 Code Provenance

For code snippets within conversations, LISA Core can generate provenance hashes that cryptographically link code to its conversation context, enabling verification of code origin.

5. Data Handling Practices

5.1 Data We Never Access

Conversations processed locally in the Chrome Extension
Snapshots stored in Chrome's local storage
Content of your AI interactions (unless you sync to Web App)
Your browsing history or activity on AI platforms

5.2 Data We May Access (When You Sync)

Snapshots you explicitly send to the Web Application
License key for subscription validation
Basic usage metrics (number of syncs, not content)

5.3 Data Retention

Local Storage: Data remains until you delete it or uninstall the extension
Web Application: Synced data retained until you request deletion
License Data: Retained for subscription management
Backups: Retained per standard backup policies, then purged

6. Your Security Responsibilities

To maintain the security of your data, you should:

Keep your license key confidential and do not share it
Use a strong, unique password for any associated accounts
Keep your browser and the LISA Core extension updated
Be cautious when sharing exported JSON files (they contain your conversation data)
Review snapshots before syncing to the Web Application
Use the extension only on trusted devices
Log out of shared or public computers

7. Incident Response

In the event of a security incident affecting user data:

We will investigate promptly and thoroughly
Affected users will be notified within 72 hours of confirmed breach
We will provide clear information about what data was affected
We will provide guidance on remediation steps
We will implement measures to prevent recurrence
We will cooperate with relevant authorities as required by law

8. Vulnerability Reporting

We appreciate the security research community's efforts to improve our security. If you discover a security vulnerability:

Email: security@sat-chain.com
Include detailed steps to reproduce the issue
Provide any proof-of-concept code if applicable
Allow reasonable time (90 days) for us to address the issue before public disclosure
Do not access or modify other users' data

We commit to acknowledging receipt within 48 hours and providing regular updates on our progress.

9. Compliance

LISA Core is designed with privacy and security best practices:

Local-first architecture minimizes data exposure
Encryption in transit (TLS 1.3) and at rest
Minimal data collection principle
User control over data synchronization
Right to deletion honored promptly

10. Updates to This Policy

We may update this Security Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. Significant changes will be communicated via the Website or extension update notes.

11. Contact

For security questions, concerns, or vulnerability reports:

Security Issues: security@sat-chain.com
General Inquiries: contact@sat-chain.com

← Return to LISA Core