Security Whitepaper

The Truth We Can Prove

This document describes Solid Invoice’s verifiable security posture as the app exists today. It avoids aspirational claims and focuses on what can be demonstrated, audited, or reasonably grounded in platform behavior.

Local-first • Serverless • Protected by Apple platform security

Purpose

This document describes the verifiable, provable security facts of Solid Invoice as it exists today, along with protections already designed into the product experience.

It intentionally avoids implementation-specific cryptography claims unless they can be demonstrated from the running app and published source code. Where we rely on platform protections, we say so plainly.

This is the truth we can prove.

Core Security Philosophy

Solid Invoice is built on three foundational principles:

1. Local-First Security

Your business data is stored locally on your device and protected by Apple’s platform security features (device passcode/biometrics, Data Protection, sandboxing, and encrypted storage).

Important nuance: when you choose to export or share data (PDF/CSV/email), you are intentionally creating copies that may live outside the app’s protected storage. Solid Invoice treats exports as a deliberate step.

2. No-Server Trust Model

Solid Invoice operates no application servers and does not receive your invoices, client lists, or document contents.

3. Longevity Over Convenience

Security decisions favor durability, auditability, and long-term resilience over short-term convenience.

Threat Model

Solid Invoice is designed to reduce risk from:

  • Loss or theft of a device (when protected by a passcode/biometric lock)
  • Cloud storage compromise of synced blobs (when iCloud Sync is enabled and the app encrypts before upload)
  • Network interception (transport security is handled by Apple’s platform networking stack)
  • Unauthorized local access while the app is locked (app-level lock and redaction behaviors)

Solid Invoice does not claim to protect against:

  • A fully compromised, unlocked device under attacker control
  • OS-level exploits outside the app sandbox
  • The consequences of intentionally sharing/exporting data to other apps, services, recipients, or locations

Data at Rest

Local Storage

  • Business data (clients, invoices, quotes, expenses, settings) is stored locally in the app’s sandboxed container.
  • At rest, this storage is protected by Apple’s platform security (including encrypted storage and Data Protection tied to device authentication).
  • Solid Invoice is designed to minimize unnecessary exposure of sensitive content (for example, through lock/redaction behaviors and privacy-aware export confirmations).

Note: Apple’s platform protections are the foundation here. This whitepaper does not assert specific cryptographic primitives unless they are explicitly surfaced by the implementation and verifiable from code.

Data in Transit

Network Transport

  • Network communication with Apple iCloud (CloudKit) services uses Apple-managed secure transport (TLS).
  • Solid Invoice does not implement or customize transport-level cryptography; transport security is negotiated and enforced by the operating system.

Application-Level Encryption (for Sync)

  • When iCloud Sync is enabled, Solid Invoice encrypts sensitive data before uploading it to Apple iCloud services (pre-egress encryption).
  • As a result, Apple’s iCloud (CloudKit) servers receive encrypted blobs rather than readable invoice/client content.

Note: Exporting/sharing (PDF/CSV/email) is different from syncing. Exports intentionally create a copy outside the app’s protected storage.

Cloud & Sync Model

No Solid Invoice Servers

  • Solid Invoice does not operate backend application servers for storing or processing your business data.
  • There is no server-side processing of invoice/client contents by Solid Invoice.
  • Solid Invoice does not receive or store your encryption secrets as a service.

Apple iCloud Sync (User-Optional)

  • Sync, when enabled, is handled by Apple iCloud services.
  • Solid Invoice encrypts sensitive sync payloads before upload so that what is stored remotely is not readable plaintext.

Key Management

  • Solid Invoice relies on Apple platform security mechanisms for secure storage and protection of sensitive key material.
  • This document does not claim a specific key lifecycle (generation, roaming, escrow, rotation) unless it is explicitly implemented and verifiable from source.
  • Solid Invoice does not expose encryption secrets in the UI and does not intentionally transmit them to Solid Invoice-controlled servers (because no such servers exist).

App Lock & Local Protection

  • Solid Invoice includes an application-level lock system.
  • When locked:
    • UI content is redacted
    • Sensitive state is cleared
    • Access to sensitive views/actions is gated by device authentication
  • Lock behavior persists across app restarts.

Post-Quantum Readiness

Solid Invoice does not claim post-quantum security today.

  • We avoid making promises about future cryptographic threats in this document.
  • We track platform evolution and will update documentation when concrete, shipped, verifiable protections exist in the product.

Verification & Testing

  • Security-sensitive flows (lock/redaction, export confirmations, failure handling) are verified through ongoing testing.
  • Where possible, behaviors are validated across app restarts and device states.

Privacy Statements

  • Solid Invoice does not operate a server that receives your invoice/client document contents.
  • Solid Invoice is designed to avoid third-party tracking as a product principle.
  • Published privacy disclosures (App Store / Privacy Manifest) are the authoritative statement of data collection and usage.

What This Means for Users

  • Your data is stored locally and protected by Apple’s platform security.
  • No Solid Invoice server can read your invoices or clients (because Solid Invoice runs no servers for your document contents).
  • If you enable iCloud Sync, Solid Invoice encrypts sensitive data before upload, so iCloud stores encrypted blobs rather than readable content.
  • Exports and sharing are intentional: when you create a PDF/CSV or email a document, you are creating a copy outside the app’s protected storage.

Summary

Solid Invoice’s security posture is:

  • Local-first
  • Serverless (no Solid Invoice backend for document contents)
  • Grounded in Apple platform security
  • Privacy-aware about exports/sharing

This document reflects current, defensible statements, not promises.

This whitepaper is a living document and will be updated as platform capabilities and verifiable product behaviors evolve.