Security Whitepaper
DocSmith security model and operational boundaries.
This whitepaper summarizes security assumptions and practical controls for teams evaluating DocSmith in regulated payroll workflows.
Threat model scope
- Local machine compromise and endpoint hygiene risks.
- Operator misuse, template drift, and process inconsistency risks.
- Credential misuse risks in licensing and entitlement operations.
Offline-first data handling
- Payroll-row processing and validation are local-first by default.
- No default cloud upload path for salary rows.
- Local drafts persist only within a user-controlled storage context.
Minimal permissions and safe boundaries
- Permissions are constrained to required product operations.
- No scraping/automation behavior outside declared workflow boundaries.
- Product controls complement, but do not replace, organizational endpoint controls.
Audit trail concept
- Validation and export checkpoints can be tracked for governance review.
- Hash-chain concepts support integrity-oriented evidence paths.
- Operational policy decides retention and review cadence.
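A sketch of the hash-chain idea applied to validation and export checkpoints, added here as an illustration and not DocSmith's own code or log format. The record fields, function names and sample events are assumptions. It also shows why the latest hash should be recorded outside the log: without that anchor, records removed from the end go unnoticed.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first record's prev field

def _digest(prev, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(chain, event):
    """Append an event, binding it to the hash of the previous record."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "event": event, "hash": _digest(prev, event)})
    return chain[-1]["hash"]

def verify(chain, expected_head=None):
    """Return (ok, index of the first bad record or None).

    expected_head is the last hash as noted outside the log, for example
    in a review sign-off (an assumption about how a team would anchor it).
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _digest(rec["prev"], rec["event"]):
            return False, i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None

def demo():
    # Constructed sample checkpoints; field names are illustrative only.
    log = []
    append(log, {"step": "validation", "rows": 120, "errors": 0})
    append(log, {"step": "validation", "rows": 120, "errors": 2})
    head = append(log, {"step": "export", "file": "run-01.pdf"})
    results = {"intact": verify(log, head)}
    edited = json.loads(json.dumps(log))  # deep copy of the log
    edited[1]["event"]["errors"] = 0  # rewrite a past validation result
    results["edited"] = verify(edited, head)
    results["truncated_unanchored"] = verify(log[:2])
    results["truncated_anchored"] = verify(log[:2], head)
    return results

if __name__ == "__main__":
    print(demo())
```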
What can leave the device
- Licensing and payment-related metadata needed for entitlement operations.
- No payroll-row submission is required in the default local workflow.
- Support communications are user-initiated for troubleshooting and compliance requests.