Security

Last updated: March 10, 2026



Terrahaven builds human-protective counter-tech: tools designed to protect human agency and strengthen integrity, provenance, and trust in digital work. SaneMode is one of those tools: local-first, privacy-minimized, and designed to stay honest about what it can and cannot observe. We built it for a world where trust online is harder to preserve and creators increasingly need a way to stand behind their work without giving up private sessions or documenting everything by hand. Security is part of that design. This page explains our approach in a way that is useful to studios, creators, and technical reviewers without disclosing sensitive implementation details.


Security Principles


Local-First by Default. Core workflows run on your device. By default, SaneMode does not upload your DAW session contents or audio file contents to Terrahaven-controlled servers. SaneMode may compute local, one-way audio fingerprints (hashes) during bounce for proof purposes, but those fingerprints are not playable audio and do not let anyone reconstruct or listen to your work. Receipts and Proof Bundles remain under your control unless you export/share them or send materials to support.


Least Data, Least Access. We design the product so we receive as little data as possible in the first place. We do not run “always-on” behavioral tracking.


Fail-Closed Integrity. If the system can’t safely observe or verify something, it should reflect more limited coverage or refuse issuance rather than guessing. You’ll see Gaps/Unknowns in outputs where coverage is incomplete.


Authority Separation. SaneMode is designed so that untrusted components (for example, a plug-in running inside a host) cannot “mint” higher-trust artifacts on their own. Issuance is gated by an authority boundary that can refuse issuance when conditions are ambiguous, degraded, or inconsistent with integrity requirements.


No Security Through Obscurity. We do not rely on secrecy alone for security. We rely on enforceable trust boundaries, key protection, conservative issuance rules, and failure modes designed to degrade honestly when integrity cannot be established.


What Data We Handle


SaneMode is designed to minimize what leaves your device. The typical cases where data may reach us are:


  • Website use (standard web logs and security telemetry, as described in our Privacy Policy)

  • Billing (handled by our payment processor; we receive limited billing metadata needed for support)

  • Support (only what you choose to send; we recommend you review/redact before sending)

  • Network features (when used, e.g., license/Seat validation or remote issuance of shareable receipts, where offered)


We do not access your DAW sessions or local Vault by default. Support is limited to what you choose to send us, such as screenshots, Receipts, Proof Bundles, and diagnostic logs. If we ever offer an explicit remote-support flow, it will be clearly disclosed in-product and governed by our Privacy Policy and any applicable support terms.


Retention. We keep logs and support materials only as long as we need to keep SaneMode reliable and defend against abuse—then we delete or reduce them. Details live in the Privacy Policy.


Product Security Controls


Local Storage Hardening. SaneMode stores proof artifacts locally (for example, in a vault/ledger). We design local persistence to be tamper-evident and to avoid common filesystem redirection tricks (e.g., unsafe path chains). Because artifacts are local-first, your device security matters—see “Your Responsibilities” below.


On-Device Cryptographic Integrity. Where SaneMode uses cryptography, the goal is to support integrity, continuity, and local verification. In practical terms, that means helping detect unauthorized changes to prior records, showing whether a history appears to have been rewritten later, and enabling supported local checks of signatures or continuity. When SaneMode reports that something verified locally, that means integrity checks passed in that environment. It does not mean Terrahaven reviewed the underlying creative work, certified authorship, or endorsed the content.


Encryption. Network communications use encrypted transport. When we encrypt sensitive material at rest, we rely on OS-provided secure storage where available and standard, widely reviewed mechanisms.


Real-Time Safety Discipline. SaneMode is designed to operate inside sensitive audio environments. When proof-related work touches real-time paths, the design goal is to avoid blocking, avoid destabilizing the host, and keep security checks bounded.


Privacy-Minimized Permissions. Some workflows may request OS permissions (e.g., Accessibility/Automation) to observe limited operational indicators. We design those surfaces not to capture the contents of your screen, the text of your messages, or your keystrokes; and we avoid recording DAW project content except as strictly necessary to produce the specific limited indicators shown in the relevant output.


Anti-Tamper (Fail-Closed). If the environment appears compromised in a way that could affect integrity, SaneMode may refuse to issue shareable proof and may record the limitation or reason instead.


Service Security Controls


How We Approach Security. We design the product to stay local-first, minimize data collection, and treat proof issuance as a high-integrity action that should fail closed when anything is unclear.


Shipping Discipline. We ship with conservative defaults, restrict access to operational systems, and prioritize security fixes that affect proof integrity, key protection, and local artifact tamper-evidence. We keep issuance and local artifact integrity changes behind careful review, and we prioritize fixes that affect misuse resistance, key protection, and tamper-evidence.


Access. We limit internal access to information we process to personnel who need it to operate or support the Service. We use access controls and operational discipline intended to reduce unauthorized access.


Providers. We use service providers for functions like payment processing and email delivery/support tooling. We use established providers for payment processing and support tooling, and we limit what’s shared to what’s necessary.


No Sale of Personal Information. We do not sell personal information, and we do not “share” personal information for cross-context behavioral advertising.


No Training on Your Data. We do not use your Receipts, Proof Bundles, support submissions, or other data you provide to train generative models.


Vulnerability Reporting. We welcome good-faith security reports and coordinated disclosure.


Email: security@sanemode.com (or legal@sanemode.com)


Include:


  • What you found and how to reproduce it

  • Impact (what an attacker could do)

  • Affected version(s) / environment details


Please Do Not:


  • Access data that isn’t yours

  • Use social engineering against our staff or users

  • Publicly disclose exploit details before giving us a reasonable chance to investigate


If you follow the rules above and act in good faith, we aim to treat reports as coordinated disclosure and work with you to resolve issues.


Incident Response. No security program is perfect. If we become aware of a security incident that materially affects information we process, we will:


  • Investigate and contain it

  • Take commercially reasonable steps to remediate

  • Provide notice where required by applicable law and where practicable


Your Responsibilities (Local-First Reality). Because SaneMode is local-first, the security of your Vault/Ledger, Receipts, and exported artifacts depends significantly on your environment. You are responsible for:


  • Keeping macOS and DAWs updated

  • Using strong authentication on your device and accounts

  • Maintaining malware protection appropriate for your studio environment

  • Controlling physical access to machines

  • Maintaining backups if you plan to rely on artifacts later

  • Reviewing exports before sharing (Receipts/Proof Bundles may include environment-derived metadata)


What We Do Not Claim. We do not claim perfect security, and we do not claim SOC 2, ISO 27001, or any other certification unless we explicitly state it in writing. SaneMode is not a certification authority or compliance auditor, and it does not provide legal advice.


Contact


Terrahaven, LLC

1209 Mountain Road Pl NE Ste R

Albuquerque, New Mexico 87110

United States


Security: security@sanemode.com

Legal: legal@sanemode.com

Support: support@sanemode.com

Billing: billing@sanemode.com