Security

Last updated: January 01, 2026

Our Security Philosophy

Echolon is built with security as a fundamental principle. Our local-first architecture means your sensitive data never needs to leave your machine, providing inherent security benefits that cloud-based alternatives cannot match.

Local-First Security

By storing all data locally, Echolon eliminates many attack vectors:

  • No data breaches: Your data isn't stored on our servers
  • No network interception: Sensitive data isn't transmitted to us
  • No account hijacking: No accounts to compromise
  • Full control: You decide where and how your data is stored

Secrets Management

Echolon provides secure handling of sensitive values:

  • Encrypted storage: Sensitive values can be encrypted at rest
  • Environment separation: Keep production secrets separate from development
  • Masked display: Sensitive values are hidden in the UI by default
  • Git-safe: Secrets can be excluded from version control

Open Source Transparency

Echolon is fully open source, which provides significant security benefits:

  • Code auditing: Anyone can review our code for vulnerabilities
  • Community review: Security researchers can report issues
  • No hidden functionality: What you see is what you get
  • Reproducible builds: Verify the application matches the source code

Application Security

We implement security best practices in our application:

  • Regular dependency updates and vulnerability scanning
  • Code signing for desktop applications
  • Sandboxed execution where possible
  • Minimal permission requirements
  • Secure default configurations

Network Security

When making API requests through Echolon:

  • All HTTPS connections use modern TLS versions
  • Certificate validation is enforced by default
  • Proxy settings are fully configurable
  • No requests are routed through our infrastructure

Vulnerability Reporting

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

  • Email: support@echolon.app
  • GitHub Security Advisories: Use GitHub's private vulnerability reporting

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

We commit to:

  • Acknowledging your report within 48 hours
  • Providing regular updates on our progress
  • Crediting you in our security advisories (if desired)
  • Not pursuing legal action for good-faith research

Security Updates

We release security updates as needed:

  • Critical vulnerabilities are patched as quickly as possible
  • Security advisories are published on GitHub
  • Users are notified of important updates
  • Detailed changelogs document all security fixes

Best Practices for Users

To maximize security when using Echolon:

  • Keep Echolon updated to the latest version
  • Use encrypted storage for sensitive values
  • Don't commit secrets to version control
  • Use environment-specific configurations
  • Review collection files before sharing
  • Use strong, unique API keys and tokens

Compliance

Echolon's local-first architecture can help with compliance requirements:

  • GDPR: Data stays on your machine in your jurisdiction
  • HIPAA: No PHI transmitted to third parties
  • SOC 2: Full control over your data handling
  • Data residency: Data never leaves your chosen location

Contact

For security-related questions or concerns:

  • Email: support@echolon.app
  • GitHub: github.com/echolon-app/echolon