He Was Socrates · Settings · Privacy & Data

Privacy & Data

Settings Privacy & Data Data residency & tone lock
local-first E2EE-by-design no network.client no network.server App Sandbox Airplane-mode compatible
Data residency
Audio leaves device
Microphone capture is processed locally by SFSpeechRecognizer with requiresOnDeviceRecognition = true. Network entitlement absent — toggle cannot be enabled.
OFF · LOCKED
Conversation log (wondering log)
Stored as local SQLite (Core Data). SHA-256 content fingerprint dedup. Never synced to iCloud or any remote.
~/Library/Containers/com.twoweeksteam.HeWasSocrates/Data/Library/Application Support/wondering.db
LOCAL · SQLite
Gemma 4 weights · gemma-4-e4b-it-4bit
3.97 GB. Downloaded once on first launch via OS-mediated MLX cache (only sanctioned network egress). Weights themselves never leave after that.
~/Library/Caches/com.apple.MLX/
SYSTEM · MLX
STT model · Speech.framework (ko_KR + en_US)
Apple-managed asset, on-device transcription. Acquired via AssetInventory (macOS 26). Last verified 2026-05-07.
APPLE-MANAGED
TTS voice · AVSpeechSynthesisVoice (Yuna ko / Samantha en)
Apple-managed voice asset. Premium → enhanced → default fallback chain. Synthesis is local; audio buffer never leaves the process.
APPLE-MANAGED
Telemetry / analytics / crash reports
Disabled by absence. No analytics SDK is linked; no crash collector reaches outbound. There is no toggle because there is no code path.
NONE
Threat model (inverted)
your Mac mic HF weights (1×, day 1) no egress (blocked at entitlement)
Inbound only.
  • → mic · audio buffer, on-device STT
  • ⇢ weights · 1× MLX cache fetch on first launch
  • ⊘ outbound · no network.client, no network.server
Tone lock · system prompt excerpt
너는 산파다. 답을 주지 않는다. 묻는다.
The system prompt is verbatim user-authored Korean 단정한 평어체 — neither 존댓말 nor friendly-banmal — embedded at compile time. It is part of the binary, not fetched at runtime. // Sources/SocraticEngine/Gemma/SystemPrompt.swift · embedded at compile time · invariant #3
Bust subtitle preview (ko)
그 질문이 정말 답을 원하는 거야?
▣ subtitle rendered locally · never transmitted
Privacy receipt
🔒 verifiable receipt · last refreshed 2026-05-07 09:14 KST
entitlements SHA-256
e5dfadf2c81a7b0e9c4d3a26f81b40ef9a7c2db5147f6a3b8c01d9e4f7a2314c5
git commit
3f02a34 · perf(gemma): disk-mediated KV cache reuse — TTFT 4.6s→192ms (24×) [PR-Λ]
spec lock
runs/2026-05-05-spec/ · read-only · iter6
network entitlements
com.apple.security.network.client = absent · com.apple.security.network.server = absent
STT on-device flag
SFSpeechRecognizer.requiresOnDeviceRecognition = true
verified by
make ci-local · gitleaks · entitlements plist hash check
Inspect the receipts yourself: shasum -a 256 apps/macos/HeWasSocrates/HeWasSocrates/Resources/HeWasSocrates.entitlements · git rev-parse HEAD · plutil -p the entitlements file. The values above must match. If they do not, this build is not the one audited.