Security White Paper

PARANOID-FIRST ARCHITECTURE.

We assume the network is compromised, the cloud is untrusted, and your privacy is absolute. Here's how we build for that reality.

Security Model v2.1 // December 2025

I. LOCAL-FIRST ARCHITECTURE.

ACE.Pro is built on a "Local-First" security model. This is not a feature—it is the foundation of our entire architecture. Every cryptographic operation, every file scan, every index update happens on your machine. Your data never touches our servers because we have no servers for it to touch.

The implications of this design:

Zero Cloud Dependency: ACE.Pro functions 100% offline. No internet connection is required for core operations.
Air-Gap Compatible: Enterprise users can deploy ACE.Pro on fully air-gapped networks with zero degradation of functionality.
No Attack Surface: If our company ceases to exist tomorrow, your software continues to function. There is no cloud API that can be deprecated.

"The most secure data is data we never see."

Processing Architecture

100%Local Processing

0%Cloud Dependency

File ScanningLocal disk reads only

Hashing & DeduplicationRAM-only operations

Index StorageEncrypted local SQLite

Air-gap compatible. Zero cloud dependency.

Hashing Strategy

Two-Tier Hash System

Stage 1: XXHash64

Fast non-cryptographic hash for quick equality checks. Processes at 30GB/s.

Stage 2: SHA-256

Cryptographic verification for confirmed duplicates. SIMD-accelerated.

4MBChunk Size

30GB/sHash Speed

II. CRYPTOGRAPHIC HASHING.

File deduplication requires comparing content, not names. ACE.Pro uses a **two-tier hashing strategy** to balance speed and cryptographic security:

XXHash64 (Fast Path): Non-cryptographic hash for rapid equality checks. Processes data at 30GB/s using SIMD instructions. Used for initial duplicate detection.
SHA-256 (Verification): Cryptographic hash for confirmed matches. Ensures collision resistance (probability: 2⁻²⁵⁶). Only computed when XXHash indicates a match.

Merkle Tree Chunking: Large files (1GB+) are split into 4MB chunks. Each chunk is hashed independently, allowing us to verify a 100GB video file by checking its chunk tree rather than rehashing the entire file on every scan.

This approach means we can identify a duplicate 80GB RAW video file in under 200ms, even on a spinning HDD.

III. ENCRYPTION AT REST.

Your ACE.Pro index database (SQLite/RocksDB) contains metadata about your files: names, paths, sizes, and content hashes. While this is not the file content itself, it is still sensitive. Therefore, the index is encrypted at rest using AES-256-GCM.

The encryption key is derived from your system's **Hardware Security Module**:

macOS: Secure Enclave (T2/M-series chip). Keys are hardware-bound and cannot be exported.
Windows: TPM 2.0 (Trusted Platform Module). Keys are sealed to the specific device.
Linux: User-provided passphrase (PBKDF2, 600k iterations) or TPM if available.

This means: If someone steals your laptop and dumps the hard drive, they cannot decrypt the ACE.Pro index. They will not see your file names, folder structures, or metadata. The key never leaves your hardware.

Encryption Spec

AES-256-GCM

AlgorithmAES-256

ModeGCM (Authenticated)

Key Size256 bits

IV Size96 bits (random)

Hardware-Bound KeysCannot be exported from device

Authenticated EncryptionGCM prevents tampering

If you lose your device, the index is irrecoverable.

Network Policy

TelemetryOPT-IN

PII CollectionNONE

What We MAY Collect (Opt-In)

• Generic error codes (not stack traces)

• Feature usage counts (aggregated)

• Performance metrics (anonymized)

✓ Differential privacy applied

✓ No file names or paths

✓ No device fingerprinting

"We add statistical noise to ensure no single user can be identified."

IV. NETWORK ISOLATION.

ACE.Pro is designed to function 100% offline. However, for users who opt in, we collect minimal, anonymized telemetry to improve the product. This telemetry is:

Opt-In Only: Telemetry is disabled by default. You must explicitly enable it in settings.
Differential Privacy: We add statistical noise to usage data, making it mathematically impossible to identify individual users.
No PII: We never collect file names, folder paths, IP addresses, or hardware identifiers.

Air-Gap Deployment: Enterprise users can deploy ACE.Pro on fully isolated networks. The software will continue to function with zero degradation. No license checks phone home.

Security Questions or Concerns?

We take security seriously. If you have questions or want to report a vulnerability, contact our security team.

Contact Security Team

Responsible Disclosure: security@acepro.com

I. LOCAL-FIRST ARCHITECTURE.

The implications of this design:

Zero Cloud Dependency: ACE.Pro functions 100% offline. No internet connection is required for core operations.

Air-Gap Compatible: Enterprise users can deploy ACE.Pro on fully air-gapped networks with zero degradation of functionality.

No Attack Surface: If our company ceases to exist tomorrow, your software continues to function. There is no cloud API that can be deprecated.

"The most secure data is data we never see."

II. CRYPTOGRAPHIC HASHING.

File deduplication requires comparing content, not names. ACE.Pro uses a **two-tier hashing strategy** to balance speed and cryptographic security:

XXHash64 (Fast Path): Non-cryptographic hash for rapid equality checks. Processes data at 30GB/s using SIMD instructions. Used for initial duplicate detection.

SHA-256 (Verification): Cryptographic hash for confirmed matches. Ensures collision resistance (probability: 2⁻²⁵⁶). Only computed when XXHash indicates a match.

This approach means we can identify a duplicate 80GB RAW video file in under 200ms, even on a spinning HDD.

III. ENCRYPTION AT REST.

The encryption key is derived from your system's **Hardware Security Module**:

macOS: Secure Enclave (T2/M-series chip). Keys are hardware-bound and cannot be exported.

Windows: TPM 2.0 (Trusted Platform Module). Keys are sealed to the specific device.

Linux: User-provided passphrase (PBKDF2, 600k iterations) or TPM if available.

IV. NETWORK ISOLATION.

ACE.Pro is designed to function 100% offline. However, for users who opt in, we collect minimal, anonymized telemetry to improve the product. This telemetry is:

Opt-In Only: Telemetry is disabled by default. You must explicitly enable it in settings.

Differential Privacy: We add statistical noise to usage data, making it mathematically impossible to identify individual users.

No PII: We never collect file names, folder paths, IP addresses, or hardware identifiers.

Air-Gap Deployment: Enterprise users can deploy ACE.Pro on fully isolated networks. The software will continue to function with zero degradation. No license checks phone home.