Legal
Security
Effective June 17, 2026
Security isn't a feature bolted on at the end — it's the architecture. The less data leaves your control, the less there is to breach.
Local-first by design
Your prompts, keys, files, and agent memory are processed on infrastructure you own. The smallest possible footprint reaches us, which shrinks the attack surface from the start.
Verifiable, not assumed
- Content-addressed data. Payloads are addressed by the hash of their contents, so tampering is detectable.
- Post-quantum sealing. Data exchanged across the mesh is sealed with post-quantum signatures.
- Signed receipts. Every governed action leaves a hash-chained receipt you can verify independently.
- Deny-by-default governance. Capability and authority gates bound every action; denials are audited.
Your keys stay yours
Model and provider keys are sealed locally and used through your own accounts. They are not stored on, or proxied through, our servers.
Responsible disclosure
Found a vulnerability? We want to hear from you. Email security@efficientlabs.ai with details and steps to reproduce. Please give us a reasonable window to remediate before any public disclosure; we will keep you updated on our progress.
Questions
For security questions about an enterprise deployment, reach us at security@efficientlabs.ai.
