Privacy Architecture

This is an overview of the privacy architecture and data security measures planned for the BigFilter product as of 2025-10-08. The privacy architecture and data security measures will be updated as the product develops.
Data Handling and Storage
Client-Side Storage of Sensitive Data
All sensitive user data, including screenshots, extracted messages, user context, counterparty lists, and relationship histories, are stored exclusively on the user's device.
This reduces the risk of the mass data breaches associated with centralized cloud storage: a compromise of the service yields no screenshots, messages or relationship data, because the service never holds them. The trade-off is that each device is the only copy of that user's data and the only place an attacker can go for it, so the client-side measures below (encryption at rest, no persistent cloud key on the device) carry the weight that server-side controls would otherwise carry.
Stateless Cloud Analysis
Data is sent to the cloud service for analysis, but the service does not store it. The client keeps the full data set (which is kept small enough to fit comfortably on the device) and sends only the portion a given query needs; the service processes that portion in memory, returns its result and discards the request. Each query is independent of earlier ones, so the service holds no per-user state between requests.
As with client-side storage, this is intended to reduce the risk of mass data breaches. For the guarantee to hold in practice, request bodies must also be kept out of application logs, error reports and any retained traces, since a logged request is stored user data by another name.
Encryption Measures
Encryption in Transit
All data transmitted to the cloud service is encrypted in transit, which in practice means an authenticated transport such as TLS. This protects data from eavesdropping and tampering by anyone on the network path between the device and the service, provided the client verifies the service's identity (certificate validation); an unverified connection is encrypted but not tamper-proof. Transport encryption does not hide the data from the service endpoint itself; that is the role of the stateless analysis described above.
Dual-Key Encryption at Rest
Sensitive data stored on the device is protected with dual-key encryption: the key that actually encrypts stored data is derived from two inputs, a key generated and kept on the device and a second key held by the cloud service. The cloud-held key is delivered to the client over the encrypted, authenticated channel at the start of each session, kept only in memory, and never written to the device's persistent storage. Data at rest on the device therefore cannot be decrypted from the device's storage alone.
Because one key is external to the device, an attacker who obtains the device or an image of its storage (a lost or stolen device, a backup, a forensic copy) holds only half of what is needed and cannot decrypt the data offline; the service can also refuse to release the cloud-held key once a device is reported lost. The protection is specific to that scenario: it does not help against an attacker with code execution on the device during an active session, when the derived key is in memory, and it makes the cloud service part of the decryption path, so the service must authenticate the client strongly before releasing the key, and the data is unavailable while the device is offline.
User Opt-In
Conditional Data Storage for System Improvement
Users will have the option to opt in to help improve the product. If they consent, sensitive data may be stored to improve the system, subject to clear guarantees about how the data is handled. These guarantees include:
- Limited data retention (exact terms to be determined)
- Anonymization, or consent for raw data: data is anonymized, or is used and viewed by staff only in anonymized form, unless the user gives explicit consent to processing of the raw data (consent can be managed per item in the dashboard).
Future Plans
Encrypted Cloud Transfer for Syncing
For syncing data across a user's devices, an end-to-end encrypted client-to-client transfer mechanism will be used, similar to popular messaging services (e.g., WhatsApp, Signal). Each device holds its own key pair, the sync payload is encrypted for the target device before it leaves the source device, and the cloud acts only as a temporary conduit that stores and forwards the ciphertext until the target device collects it; it never holds a key that could decrypt it.
Encrypting the payload so that only the intended device can decrypt it protects against interception in transit and against unauthorized access to the relay, including by the service operator. The remaining requirement, as in the messaging services named above, is that a device must be able to trust that the public key it encrypts to really belongs to the user's other device, for example by confirming a new device from an already enrolled one, since a relay that could substitute its own key would otherwise be able to read the payload.
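The two encryption mechanisms described on this page, dual-key encryption at rest and end-to-end encrypted device-to-device sync, share the same building blocks, so the following single example demonstrates both. It is an added illustration written for this page, not BigFilter's own code, and it assumes choices the page does not specify: AES-256-GCM as the cipher, HKDF-SHA256 to combine the local and session keys into the data key, X25519 key agreement between devices for the sync key, and the key-derivation labels and sample records shown in the code (all constructed). It uses only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hkdfSHA256 is HKDF-Extract plus one block of HKDF-Expand (RFC 5869): enough
// to turn two secrets into a single 32-byte AES-256 key.
func hkdfSHA256(salt, ikm []byte, info string) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte(info))
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAEAD returns nonce || ciphertext || tag under AES-256-GCM.
func sealAEAD(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openAEAD reverses sealAEAD; a wrong key or a flipped bit fails authentication.
func openAEAD(key, box []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(box) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, box[:ns], box[ns:], nil)
}

// Dual-key at rest: the data key is derived from the device-resident key and
// the per-session key fetched from the cloud. Neither half alone reproduces
// it, and the derived key should live only in memory for the session.
func dataKey(localKey, sessionKey []byte) []byte {
	return hkdfSHA256(localKey, sessionKey, "bigfilter/at-rest/v1") // label is an assumption
}

// Device-to-device sync: each device has an X25519 key; only public keys are
// uploaded. The pairwise key comes from ECDH, so the relay that stores and
// forwards the envelope holds nothing it can decrypt.
func newDeviceKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// syncKey is computed on each end from its own private key and the peer's
// public key; both ends obtain the same value.
func syncKey(self *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	secret, err := self.ECDH(peer)
	if err != nil {
		return nil, err
	}
	return hkdfSHA256(nil, secret, "bigfilter/sync/v1"), nil // label is an assumption
}

func main() {
	local, session := make([]byte, 32), make([]byte, 32)
	rand.Read(local)
	rand.Read(session)
	box, _ := sealAEAD(dataKey(local, session), []byte("constructed sample record"))
	// Attacker has the device (local key) but not the session key: zeros stand in for "unknown".
	_, err := openAEAD(dataKey(local, make([]byte, 32)), box)
	fmt.Println("decrypt without the session key:", err)

	phone, _ := newDeviceKey()
	laptop, _ := newDeviceKey()
	kp, _ := syncKey(phone, laptop.PublicKey())
	kl, _ := syncKey(laptop, phone.PublicKey())
	env, _ := sealAEAD(kp, []byte("constructed sync payload")) // what the cloud stores
	plain, _ := openAEAD(kl, env)
	fmt.Printf("laptop recovered %q; cloud holds %d opaque bytes\n", plain, len(env))
}
```

Running it prints the authentication failure obtained when the session key is missing and the payload the second device recovers; the relay's view is the envelope bytes only. In a real client the derived data key would be zeroed when the session ends and the session key fetched again at the next login, which is the property the dual-key design relies on.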