Security
Local-first by design. The single biggest security feature of VerifyEat is that your menu data lives on your Mac, not on a server we operate. There is no central database for an attacker to breach. When data does leave your Mac (AI translation or App Store purchase validation), it travels over HTTPS directly to a vetted provider — not through us.
1. Architecture overview
- The Mac app stores all menu, product, image, and configuration data in ~/Library/Application Support/VerifyEat/. This folder is protected by macOS user-level permissions.
- The Anthropic API key is stored in the macOS Keychain when you enter it. The app never reads or transmits it elsewhere.
- AI translations are sent over HTTPS directly from your Mac to api.anthropic.com. We have no proxy, no logging, no copy.
- The marketing website is a static site on Cloudflare Pages, served over HTTPS with a Content Security Policy and HSTS.
- Payments are handled by Apple through the Mac App Store. Card and billing data never touch our servers.
2. Encryption
- In transit: TLS 1.2+ for every connection from the website, the app's API calls, and the LocalMenuServer when used over modern Wi-Fi.
- At rest (sensitive material): macOS Keychain for the Anthropic API key. Keychain entries are encrypted with hardware-backed keys on Apple Silicon Macs.
- At rest (menu data): Menu JSON and images are stored in plain files inside Application Support. We recommend FileVault, which encrypts the entire disk.
3. The LocalMenuServer feature
"Live on Phone" starts a temporary HTTP server bound to your local network so a phone or tablet on the same Wi-Fi can preview the menu. Important to know:
- The server stops when you close the panel or quit the app.
- It serves your active menu data without authentication, so anyone on the same Wi-Fi can read it. Use only on trusted networks.
- It does not write or accept uploads — read-only.
- A future update will offer a "loopback only (127.0.0.1)" mode and an opt-in passcode.
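To check on your own Mac whether the preview server is still listening and which interfaces it is bound to, the following added example (not VerifyEat's own code) classifies TCP listeners from the output of `lsof -nP -iTCP -sTCP:LISTEN`. The process name "VerifyEat", the ports and the sample lines are constructed assumptions.

```python
import ipaddress

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not a real capture).
# Process name "VerifyEat" and the ports are assumptions for illustration.
SAMPLE = """\
COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
VerifyEat 4321 chef   12u  IPv4 0xa1b2c3d4e5f60001      0t0  TCP *:8080 (LISTEN)
VerifyEat 4321 chef   13u  IPv6 0xa1b2c3d4e5f60002      0t0  TCP [::1]:8081 (LISTEN)
rapportd   512 chef    8u  IPv4 0xa1b2c3d4e5f60003      0t0  TCP 192.168.1.20:49152 (LISTEN)
"""

def exposure(host):
    """Classify a listening address: 'loopback', 'one-interface' or 'all-interfaces'."""
    if host == "*":                       # lsof prints the wildcard bind as '*'
        return "all-interfaces"
    ip = ipaddress.ip_address(host.strip("[]"))   # IPv6 is shown in brackets
    if ip.is_unspecified:                 # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "one-interface"

def listeners(lsof_text, command):
    """Return [(port, exposure)] for TCP listeners owned by `command`."""
    found = []
    for line in lsof_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        if fields[0] != command:
            continue
        host, _, port = fields[-2].rpartition(":")  # split on the last colon
        found.append((int(port), exposure(host)))
    return found

def reachable_from_network(lsof_text, command):
    """Ports of `command` that other devices on the same Wi-Fi can connect to."""
    return [p for p, e in listeners(lsof_text, command) if e != "loopback"]

if __name__ == "__main__":
    for port, exp in listeners(SAMPLE, "VerifyEat"):
        print(f"port {port}: {exp}")
    print("reachable from the network:", reachable_from_network(SAMPLE, "VerifyEat"))
```

An empty result after closing the "Live on Phone" panel is consistent with the server having stopped; any port reported as reachable from the network is readable by other devices on that Wi-Fi.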
4. Dependencies & supply chain
- The macOS app uses only Apple's first-party SwiftUI, Foundation, Network, and Security frameworks. We deliberately avoid third-party Swift packages to minimise supply-chain risk.
- The website uses no JavaScript framework. Only one external resource is loaded (Inter font CSS from rsms.me).
- Build artefacts are signed and notarised by Apple before distribution. The download link only serves notarised builds.
5. Incident response
Our incident response process:
- Detect. Monitor Cloudflare logs, App Store subscription status signals where applicable, and inbound reports.
- Triage. Within 24 hours of becoming aware, classify severity and confirm scope.
- Contain. Apply mitigations (e.g., revoke compromised keys, deploy a patched build).
- Notify. Affected customers and the relevant supervisory authority within 72 hours, where required by GDPR / FADP.
- Post-mortem. Public write-up for material incidents.
6. Responsible disclosure
If you believe you have found a security vulnerability in the VerifyEat app, the website, or any related service, please email security@verifyeat.com with:
- A clear description of the vulnerability.
- Steps to reproduce, ideally with a minimal proof of concept.
- Your contact details so we can follow up.
What you can expect from us:
- Acknowledgement within 72 hours.
- An initial assessment within 5 business days.
- Regular status updates until resolution.
- Public credit (if you'd like) once the fix is shipped.
What we ask of you:
- Give us reasonable time to fix before public disclosure (typically 90 days).
- Do not access or modify data that is not yours.
- Do not perform tests that could degrade service for other users (DoS, social engineering, physical attacks).
- Comply with applicable law.
We do not yet operate a paid bug bounty programme but may issue swag, public credit, or discretionary bounties for high-impact reports.
7. How we minimise sensitive data
- No user accounts on the marketing website.
- No analytics that identify individuals.
- No background telemetry from the app.
- Customer card data never enters our infrastructure (handled by Apple for App Store subscriptions).
- Anthropic API key never leaves the customer's Mac.
8. Recommended customer practices
- Keep macOS updated and enable FileVault.
- Use a strong account password and a separate user account for the device that holds menu data.
- Generate an Anthropic API key dedicated to VerifyEat and rotate it periodically.
- Use the LocalMenuServer feature only on trusted Wi-Fi.
- Export a JSON backup of your menu monthly (Cmd-click "More" → "Export menu (JSON)").
9. Contact
Security disclosures: security@verifyeat.com
General contact: hello@verifyeat.com