Product Pricing About Careers Blog Alpha Talk to us Download the alpha →
Security & data

Your browsing data never leaves your machine.

Dart Browser is local-first by design. Your history, bookmarks, and agent prompts stay on your device. Cloud sync, when you opt in, replicates only the semantic index structure, never raw page content.

Pillar 01

Local-first by default.

Your browsing history, agent semantic index, bookmarks, and audit logs live on your device. Nothing syncs unless you explicitly opt in.

Pillar 02

No browsing data in the cloud.

Even with sync on, we replicate only index structure — not URLs, not page text, not agent conversations. Your browsing context never crosses our servers.

Pillar 03

BYOM means BYOK.

LLM credentials live in your OS keychain. We never see them. Inference traffic goes directly from your browser to your provider; we are not in the path.

Last reviewed · 15 December 2025 Questions · security@dartbrowser.com

Architecture, in plain English

Dart Browser is a desktop application built on a hardened Chromium fork. It runs locally on your machine. The Dart Agent indexes your web context locally — your history, tabs, bookmarks, and local files — and answers queries using the model you have configured (local or cloud-based).

If you enable cloud sync (Pro tier and above), a small synchroniser sends a compressed representation of your semantic index to our servers so your agent has context across devices. This is index structure only — not URLs, not page content, not agent conversation text. The wire format contains vector embeddings and timestamps, not human-readable browsing data.

Encryption

  • In transit. All connections from the browser and our website use TLS 1.3. Post-quantum hybrid key exchange (X25519 + ML-KEM-768) is enabled by default for connections to our services.
  • At rest (cloud). Cloud-stored data is encrypted with AES-256-GCM at the storage layer, with keys managed by AWS KMS.
  • At rest (local). The local semantic index is encrypted with AES-256 when full-disk encryption is not detected on the host OS. Encrypted using a key derived from your hardware identity key.
  • Credentials. LLM API keys live in the OS keychain (Keychain on macOS, DPAPI on Windows, libsecret on Linux). They are never written to our database or transmitted.

Hardware identity layer

Dart’s identity layer uses your device’s secure hardware module to generate and store your identity key:

  • TPM 2.0 on Windows and Linux: key generation and signing operations happen inside the chip. The private key is non-exportable at the hardware level.
  • Apple Secure Enclave on macOS: same guarantees via the Secure Enclave Processor (SEP).
  • Post-quantum algorithms. New identity keys are generated using ML-DSA (CRYSTALS-Dilithium). Session key exchanges use ML-KEM-768 (CRYSTALS-Kyber) in hybrid mode with X25519 for backwards compatibility.

The hardware attestation token — a signed certificate binding your key to your hardware — can be provided to relying parties (e.g. enterprise SSO) as proof of device health without revealing the private key.

Authentication & access control

  • Personal accounts use passkeys (WebAuthn/FIDO2) or email + magic link. We do not store passwords.
  • Team and Enterprise tiers support SSO via OIDC (Google Workspace, Microsoft Entra ID, Okta).
  • Enterprise supports SCIM for user provisioning.
  • All admin actions are logged and require re-authentication.

Subprocessors

We use a minimal set of operationally-required service providers:

  • Amazon Web Services. Hosting, storage, compute. US regions.
  • Stripe. Payment processing.
  • Postmark. Transactional email.
  • Sentry. Error tracking. Configured to scrub user content. Crash reports are opt-in only.
  • Plausible Analytics. Privacy-respecting marketing analytics (no cookies, no personal data).

Compliance roadmap

  • SOC 2 Type I. Audit underway; report expected Q4 2026.
  • SOC 2 Type II. Observation window underway; report targeted end of 2026.
  • GDPR / UK GDPR. Covered by our Privacy Policy and Data Processing Addendum (DPA available on request).
  • HIPAA. Not applicable by default. Enterprise air-gapped deployments with local-only data may be HIPAA-compatible; contact enterprise@dartbrowser.com.

Air-gapped deployments

Enterprise customers can deploy Dart Browser in fully air-gapped environments. In this configuration: no cloud sync, no licence validation calls (offline licence tokens issued), no update server connections. The agent runs exclusively on a local model. Contact enterprise@dartbrowser.com for air-gap deployment guides.

Vulnerability disclosure

We operate a responsible disclosure programme. If you discover a security issue in Dart Browser, please email security@dartbrowser.com. We will acknowledge within 24 hours and aim to patch critical issues within 7 days. We request 90 days before public disclosure to allow time for a fix.

PGP key available on request from the same address.

Security questionnaires

Enterprise buyers often require a completed security questionnaire. Send your questionnaire to security@dartbrowser.com and we will turn it around within 5 business days.