multipleof4/sune
1
0
Fork 0
mirror of https://github.com/multipleof4/sune.git synced 2026-04-27 11:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Trim SECURITY.md further

Browse Source
This commit is contained in:
multipleof4
2026-04-18 16:18:46 -07:00
parent 6f8afc3cb7
commit 53ba91caaf
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
SECURITY.md Normal file
View File

@@ -0,0 +1,11 @@
# Security & Privacy
Sune is client-side. Your threads, sunes, settings, API keys, and GitHub PAT live in your browser's `localStorage` / `IndexedDB` — never on our servers. GitHub sync (if enabled) goes browser → your repo with your PAT. No accounts, no tracking.
## The Proxy
Streaming is relayed through [`us.proxy.sune.chat`](https://github.com/sune-org/us.proxy.sune.chat) so mobile generations survive screen locks. Your browser opens a WebSocket, the proxy forwards to the provider with the API key **you** supplied, and streams tokens back.
**What it doesn't do:** no prompt logging (messages sit in `:memory:` SQLite with a 20-min TTL for reconnects, never written to disk), no reading your chats, no storing keys, no third-party sharing.
**What I see:** an [ntfy](https://ntfy.sh) ping when a run ends/fails, containing only: run ID, `[provider/model]`, duration, and error message (if any). No prompts, no responses, no IP, no key. Source is public — audit it [here](https://github.com/sune-org/us.proxy.sune.chat).