Security white paper
Atlas's security posture is local-first. Everything that can stay on your Mac, does. The rest is explicitly opt-in and minimal.
Data at rest
- Portfolio data lives in
~/Library/Application Support/Atlas/data.db.enc. - Encrypted with AES-GCM 256-bit via Apple CryptoKit.
- Symmetric key generated per-install, persisted to Apple Keychain under
service
com.atlas.cryptowithkSecAttrAccessibleWhenUnlockedThisDeviceOnly. - On Apple Silicon Macs the Keychain item is Secure Enclave-protected.
- File-level
.completeFileProtectionties decryption to the user's macOS login session.
API keys
- Stored in Apple Keychain under service
com.atlas.keys. - Optional biometric gating (
kSecAccessControlBiometryCurrentSet) โ user opts in via Settings if they want Touch ID required to use FRED / Anthropic / Stock Analyzer tokens.
Network surface
Atlas's outbound network calls (the complete list):
| Destination | When | What's sent |
|---|---|---|
| Yahoo Finance (via yfinance) | Live data refresh | Ticker symbols only |
| FRED (St. Louis Fed) | Macro data refresh | Series IDs only, with user's FRED API key |
| Bank of Canada / Japan / RBI / PBoC | Macro data refresh | Series IDs |
| GDELT 2.0 | Event scanning (hourly) | Query strings only |
| SEC EDGAR | Filings | CIK numbers |
| Anthropic (opt-in) | Cloud LLM commentary | Scenario summary string (no holdings) |
| Atlas Live Worker (opt-in) | Subscription validation, proxied data | Subscription token + ticker lists |
Atlas never sends:
- Portfolio names
- Holdings list with weights
- Personally identifying information beyond the email registered with Atlas Live
- Telemetry, analytics, crash reports
Licensing
- License keys are Ed25519-signed payloads validated locally with an embedded public key.
- Once validated, the unsigned payload is persisted to
~/Library/Application Support/Atlas/license.dat. - Atlas Live subscriptions are server-validated on launch with a 7-day offline grace period.
Code signing + notarization
- Direct-download builds are signed with Developer ID Application and
notarized via
xcrun notarytool(then stapled withxcrun stapler). - App Store builds use App Store Connect provisioning + sandbox entitlements.
Audit
- Every LLM call is logged locally to
~/Library/Application Support/Atlas/llm_audit.sqlite(timestamp, backend, model, prompt hash, prompt, response, latency). - Every event-detection trigger is logged to
events.sqlite. - Every model backtest run is logged to
backtest.sqlite.
These logs never leave the Mac. They're for your own audit trail.