Security

Ignyq Inc.  ·  Last updated: May 18, 2026

Security First Ignyq is designed with a local-first, privacy-first architecture. Your financial data never leaves your device. We believe security should be transparent — this page explains exactly how Ignyq protects your data and how to report a vulnerability.

How We Protect Your Data

🔒 Local Encrypted Database

All financial planning data — goals, income, net worth, retirement projections — is stored exclusively on your device in an AES-256 encrypted SQLite database (SQLCipher). The encryption key is stored in your operating system's secure keychain (macOS Keychain / Windows Credential Manager / libsecret on Linux), never in a file.

🔐 AI API Keys in OS Keychain

If you use AI features, your API keys (Anthropic, OpenAI, Google, Perplexity) are stored in your OS keychain — never written to a config file or transmitted to Ignyq servers. Ignyq uses your own keys and your own AI provider account.

🚫 No Telemetry

Ignyq does not collect usage analytics, crash telemetry, or behavioral data. Network connections are limited to market data APIs you configure, AI providers you opt into, and optional broker integrations you explicitly set up.

🤖 AI Prompts Contain Only Public Data

When you use AI analysis features, prompts contain only publicly available stock ticker symbols and market data — never account numbers, balances, names, or personally identifiable information. This is enforced by design in the prompt templates, not just policy.

📋 AI Activity Log

Every AI request is logged locally on your device with a structured audit entry: provider, model, analysis type, ticker, token count, and status. You can review this log anytime via Help → View AI Activity Log in the app.

🛠 Signed & Verified Installers

All Ignyq installers are code-signed (Windows EV certificate via SSL.com; macOS Developer ID with Apple notarization). SHA-256 checksums are published alongside every release so you can verify the installer before running it.

What Data Goes Where

Stays on your device only

  • Financial planning database: goals, debts, assets, income, net worth, budgets, retirement projections (AES-256 encrypted)
  • Portfolio watchlists and historical OHLCV data
  • Application settings and preferences
  • AI API keys (OS keychain)
  • AI activity audit log

Sent to third-party market data providers

  • Ticker symbols you look up (sent to Yahoo Finance, SEC EDGAR)
  • No personal information is included in these requests

Sent to your chosen AI provider (only when you initiate AI analysis)

  • Stock ticker symbol and publicly available market data for the selected stock
  • No account information, balances, names, or personal identifiers
  • Subject to your AI provider's own privacy policy (Anthropic, OpenAI, etc.)

Sent to Ignyq servers

  • Weekly license validation check (license key hash only — no personal data)
  • Nothing else. Ignyq does not operate any analytics or telemetry infrastructure.

Responsible Disclosure

We take security reports seriously. If you discover a vulnerability in Ignyq software, our website, or our distribution infrastructure, please report it to us privately before disclosing publicly.

Email: security@ignyq.co

Subject line: [SECURITY] <brief description>

PGP: Not required; plain-text email is fine for initial contact

What to include in your report

  • Description of the vulnerability and its potential impact
  • Steps to reproduce (version number, operating system, configuration)
  • Any proof-of-concept code or screenshots that help illustrate the issue

Our commitments

  • Acknowledgement: We will acknowledge your report within 2 business days
  • Assessment: We will assess the severity and provide an initial response within 5 business days
  • Remediation: We aim to release a fix for critical and high-severity issues within 14 days of confirmation
  • Credit: With your permission, we will credit you in the release notes for the fix
  • No legal action: We will not pursue legal action against researchers who follow responsible disclosure and do not access, modify, or exfiltrate user data
Please do not publicly disclose vulnerability details before we have had a reasonable opportunity to investigate and release a fix. We ask for a minimum of 90 days before public disclosure, which we will work to accelerate where possible.

Supported Versions

Security updates are provided for the current release only. We recommend always running the latest version of Ignyq. Older versions will not receive security patches.

The current version is always available at ignyq.co/download. The Changelog documents what changed in each build.

Contact

Security vulnerabilities: security@ignyq.co

General inquiries: help@ignyq.co

Support: support@ignyq.co  ·  Support page

Copyright © 2026 Ignyq Inc. All Rights Reserved.  ·  Ignyq™ is a trademark of Ignyq Inc.
Privacy Policy  ·  Terms of Service  ·  Legal  ·  End User License Agreement