Security Architecture

Don't Trust.
Verify.

We don't ask you to trust our privacy claims. We give you the schematics so your security team can verify every claim independently.

Verified Evidence

Every claim on this page is substantiated by macOS Activity Monitor. These screenshots were captured during an active transcription session.

🌐

Zero Network Traffic

Claim: Airgap Voice sends zero bytes over the network.
Evidence: macOS Activity Monitor confirms 0 bytes sent, 0 bytes received, 0 packets sent, and 0 packets received while the application is actively transcribing.

Activity Monitor Network tab showing Airgap Voice with 0 bytes sent, 0 bytes received, 0 sent packets, 0 received packets

Activity Monitor → Network tab · Captured during active transcription session

💾

Zero Disk Writes

Claim: No transcripts, audio, or session data are written to disk.
Evidence: Activity Monitor shows 0 bytes written to disk. The 2.36 GB read is the one-time model load into GPU memory at startup. After that, all processing stays in volatile RAM.

Activity Monitor Disk tab showing Airgap Voice with 0 bytes written, 2.36 GB bytes read

Activity Monitor → Disk tab · 0 bytes written confirms no forensic footprint

Local GPU Processing Confirmed

Claim: The AI model runs on your Mac's GPU, not a remote server.
Evidence: Activity Monitor shows 38.4% GPU utilization and 1:24 GPU time during active transcription. The process runs 41 threads on Apple Silicon with the process kind listed as "Apple," confirming native Metal GPU acceleration.

Activity Monitor CPU tab showing Airgap Voice with 38.4% GPU usage, 1:24 GPU time, 41 threads, Apple Silicon

Activity Monitor → CPU tab (GPU columns enabled) · Native Apple Silicon Metal acceleration

Don't take our word for it. Open Activity Monitor on your own machine and verify these numbers yourself.

Trust Artifacts

Evidence your security team can verify independently.

$ codesign -dvvv AirgapVoice.app
Authority=Developer ID Application: [Redacted]
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Feb 2026
$ stapler validate AirgapVoice.app
Processing: AirgapVoice.app
The validate action worked!

Code Signing & Notarization

Signed with Developer ID and notarized by Apple. Stapled ticket ensures offline verification.

$ sudo lsof -i -P | grep AirgapVoice
[No results]
$ nettop -p $(pgrep AirgapVoice) -L 1
bytes_in: 0 bytes_out: 0
$ tcpdump -i any -c 100 "host not localhost"
0 packets captured (AirgapVoice active)

Zero Network Traffic

No open sockets. No bytes sent or received. Verify with lsof, nettop, tcpdump, or Little Snitch.

$ codesign -d --entitlements :- AirgapVoice.app
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.accessibility</key>
<true/>
⚠ No network entitlement present

Sandbox Entitlements

Only microphone and accessibility. No network client entitlement. The kernel blocks all outbound connections.

Security Guarantees

🧹

Memory Zeroization

All audio buffers, speech tokens, and transcript data are overwritten with 0x00 after use. Combined with Apple Silicon hardware memory encryption (Secure Enclave), no residual data survives beyond the active session.

🚫

No Persistent Storage

Airgap Voice does not write transcripts, audio recordings, or usage logs to disk. Only user preferences (microphone selection, keyboard shortcut) are persisted. Zero forensic footprint.

📦

Offline Installation

Distributed as a signed and notarized PKG. Installable via MDM or manual transfer. No internet connection required at any point in the lifecycle: installation, model loading, or daily operation.

🔐

FIPS 140-2 Foundation

Leverages macOS CoreCrypto (FIPS 140-2 validated) for all platform-level encryption. Full-disk encryption and hardware-level memory encryption enforced by the Apple Silicon Secure Enclave.

Ready for Your Security Review?

Request an Evaluation Kit so your team can run their own verification. 14-day full-functionality pilot.

Request Evaluation Kit
Designed for GDPR · HIPAA · CCPA · ITAR · SOC 2