Legal

Security

Effective June 17, 2026

Security isn't a feature bolted on at the end — it's the architecture. The less data leaves your control, the less there is to breach.

Local-first by design

Your prompts, keys, files, and agent memory are processed on infrastructure you own. The smallest possible footprint reaches us, which shrinks the attack surface from the start.

Verifiable, not assumed

  • Content-addressed data. Payloads are addressed by the hash of their contents, so tampering is detectable.
  • Post-quantum sealing. Data exchanged across the mesh is sealed with post-quantum signatures.
  • Signed receipts. Every governed action leaves a hash-chained receipt you can verify independently.
  • Deny-by-default governance. Capability and authority gates bound every action; denials are audited.

Your keys stay yours

Model and provider keys are sealed locally and used through your own accounts. They are not stored on, or proxied through, our servers.

Responsible disclosure

Found a vulnerability? We want to hear from you. Email security@efficientlabs.ai with details and steps to reproduce. Please give us a reasonable window to remediate before any public disclosure; we will keep you updated on our progress.

Questions

For security questions about an enterprise deployment, reach us at security@efficientlabs.ai.