Back to Hub

Security & Compliance FAQ

Everything you need to know about our local-first security model, privacy commitments, and enterprise compliance.

Data Privacy & Local Processing

How does OpSecForge handle my sensitive data?

OpSecForge operates on a Zero-Data-Retention (ZDR) architecture. Unlike traditional SaaS platforms that process data on remote servers, OpSecForge executes all logic locally within your browser. Your data never leaves your machine.

What is the role of WebAssembly (WASM) in your security model?

We utilize WebAssembly (WASM) to run high-performance, sandboxed binaries directly in your browser. This allows us to provide complex cryptographic tools with near-native speed while ensuring the execution environment is strictly isolated from our servers.

Can I use OpSecForge offline?

Yes. OpSecForge is designed with 100% offline capability. Once the initial application shell is loaded, you can disconnect from the internet entirely. All processing occurs locally using client-side resources.

GDPR & Compliance

Is OpSecForge GDPR compliant?

OpSecForge is inherently compliant with GDPR by design. Since we do not collect, store, or process personal data (PII) on our infrastructure, the risks associated with data controllership are eliminated. This makes us the ideal choice for DPOs and compliance officers.

Does the platform meet Enterprise Security Standards?

Yes. Our tools are built to align with ISO/IEC 27001 and SOC 2 Type II control frameworks regarding data minimization. By removing the 'Cloud' from the processing equation, we significantly reduce your organization's attack surface.

Tool Usage & Security

How safe is it to paste JWTs into your debugger?

It is completely safe. Our JWT Debugger performs all decoding and signature verification locally. Your tokens, which often contain sensitive claims, are never transmitted over the wire.

Can I safely format .env files using OpSecForge?

Yes. Our .env and secret management utilities are built to handle sensitive key-value pairs without risk. We recommend using our tools in an 'Air-Gapped' browser tab for maximum assurance.

Still have questions?

Our engineering team is ready to provide deep-dives into our technical safeguards.

Contact Support