Skip to main content

MouseViz Security

We take the security and privacy of your data seriously. Here is how we protect it.

Last updated: April 2, 2026

Local-First Architecture

On-Device Processing

All mouse tracking, heatmap generation, and visualization logic happens entirely on your Mac. We do not stream your movement data to any servers.

Private Sessions

Your saved sessions are stored locally in your Application Support folder. You have full control over these files and can delete them at any time.

macOS App Security

Code Signing

MouseViz is signed with an Apple Developer ID certificate, ensuring the app has not been tampered with and comes from a verified developer.

Hardened Runtime

The app uses Apple's Hardened Runtime, which protects against code injection and process memory tampering at the operating system level.

App Notarization

Every release is notarized by Apple, meaning it has been scanned for malicious content and verified for security.

Data Encryption

In Transit

All website communications use HTTPS/TLS encryption. App update checks and downloads are also encrypted in transit.

Update Verification

App updates are cryptographically verified using ED25519 signatures via the Sparkle framework, preventing tampered updates from being installed.

At Rest

Local session data is stored in your macOS Application Support directory, protected by file system permissions and FileVault if enabled on your Mac.

Secure Development

Open Development

Our development process is transparent. We use modern CI/CD pipelines with automated security scanning to ensure every build is safe.

Peer Reviews

All code changes undergo rigorous peer review to catch potential security flaws and ensure high code quality.

Vulnerability Disclosure

Reporting

If you discover a security vulnerability, please report it to security@mouseviz.com. We will acknowledge your report within 48 hours and provide an initial assessment within 5 business days.

Responsible Disclosure

We ask that you give us reasonable time to address vulnerabilities before public disclosure. We do not currently operate a formal bug bounty program but appreciate responsible security research.

Contact

If you have any security concerns or would like to report a vulnerability, please contact us at security@mouseviz.com. You can also find our security contact information in our security.txt file.