LockMargin

Security at LockMargin

Your data never leaves your machine. Here's how we protect it.

100% Local, Zero Cloud

LockMargin is a desktop application. Your data is stored locally in an encrypted SQLite database on your machine. There is no cloud sync, no remote servers, no third-party data sharing. Ever.

AES-256-GCM Encryption

All sensitive fields (bank accounts, tax IDs, contact information, payment details) are encrypted with AES-256-GCM, the NIST-specified authenticated encryption mode (SP 800-38D) that is also relied on by banks and government agencies. Unlike plain AES modes, GCM authenticates every ciphertext it produces, so a modified or corrupted field is rejected instead of being decrypted into garbage.

How It Works

  • Key Derivation: Your master password is run through PBKDF2-HMAC-SHA256 with 100,000 iterations to derive the 256-bit encryption key. The password itself is never stored.
  • Key Storage: The derived key is kept in Windows Credential Manager, where it is protected by your Windows account's logon credentials. It is never written to the database or to any file.
  • Salt Storage: A unique salt is stored in the encryption_metadata table, separate from the key. The salt ensures that the same master password on two different machines never produces the same key and that precomputed password tables are useless against it.
  • Authenticated Encryption: AES-GCM provides both confidentiality and integrity. Every encrypted field carries an authentication tag, so any modification of the stored ciphertext, or an attempt to decrypt it with the wrong key, is detected on decryption and the field is rejected rather than returned.

What We Don't Do

  • ❌ No cloud storage or sync
  • ❌ No telemetry or analytics (unless you opt in)
  • ❌ No third-party data sharing
  • ❌ No access to your encryption keys
  • ❌ No ability to reset your password (we don't store it)

Security Audits

LockMargin's security architecture was audited by Maya Thompson, an external security researcher and IT auditor. The audit covered:

  • Encryption implementation and key management
  • SQLite database security
  • Windows Credential Manager integration
  • Soft delete and data retention policies

Reporting Vulnerabilities

If you discover a security vulnerability in LockMargin, please report it responsibly:

Email: privacy@lockmargin.com

We take all reports seriously and will work with you to understand and resolve the issue. We do not offer bug bounties at this time, but we will credit responsible disclosures (with your permission).

Best Practices for Users

  • Use a strong, unique master password (16+ characters, mixed case, numbers, symbols)
  • Enable full-disk encryption: BitLocker on Windows, FileVault on macOS
  • Create regular backups (LockMargin has built-in backup tools)
  • Keep LockMargin updated to the latest version
  • Lock your computer when stepping away

Compliance

LockMargin is designed to help you comply with:

  • GDPR: Data stays on your machine, no third-party processors
  • CCPA: You control your data completely
  • ABA Model Rules: Suitable for lawyers handling client data (see our article on ABA compliance)

Contact

For security questions, contact privacy@lockmargin.com