Murmly acts on your behalf across your most sensitive tools. We designed it so that local-first is the default, every cloud call is gated and audited, and you can prove exactly what touched the network.
Transcription and cleanup can run entirely on-device. Cloud is opt-in.
When policy says no network, the cloud client is refused outright — no silent fallback.
Every action lands in a hash-chained log you can verify on demand.
Every mutating operation is reversible. High-risk actions confirm first.
Murmly minimizes the existence of your most sensitive data rather than just securing it. Audio is processed and discarded; what's stored is yours and stays on your device by default.
Speech is transcribed locally (Whisper / Parakeet) and the audio buffer is dropped immediately. Only text moves forward through the pipeline.
OAuth tokens and account secrets are sealed with the OS keystore (Windows DPAPI, per-user) — never written in plaintext, never bundled in the app.
An audited HTTP layer checks policy before any request leaves the process. Blocked calls are logged with the reason — defence in depth, even against our own bugs.
Audit rows store SHA-256 hashes of recipients and subjects — enough to prove what happened, never the content itself.
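A sketch of how a hash-chained audit log with hashed recipients and subjects can be built and verified. This is an added example, not Murmly's code or log format: the row fields, the all-zero genesis value and the JSON canonicalization are assumptions, and the sample rows are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first row chains to


def digest(value: str) -> str:
    """SHA-256 hex digest of a UTF-8 string."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def row_hash(prev_hash: str, body: dict) -> str:
    """Hash the previous row's hash together with a canonical encoding of this row."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return digest(prev_hash + canonical)


def append_row(log: list, action: str, recipient: str, subject: str,
               allowed: bool, reason: str) -> None:
    """Append one audit row; only hashes of recipient and subject are stored."""
    body = {
        "seq": len(log),
        "action": action,
        "recipient_sha256": digest(recipient),
        "subject_sha256": digest(subject),
        "allowed": allowed,
        "reason": reason,
    }
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"body": body, "prev": prev, "hash": row_hash(prev, body)})


def verify_chain(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad row."""
    prev = GENESIS
    for i, row in enumerate(log):
        body = row["body"]
        if body["seq"] != i or row["prev"] != prev or row["hash"] != row_hash(prev, body):
            return i
        prev = row["hash"]
    return -1


def build_sample_log() -> list:
    """Constructed sample data, not real audit rows."""
    log = []
    append_row(log, "email.send", "alice@example.com", "Q3 numbers", True, "cloud opt-in")
    append_row(log, "http.request", "api.example.com", "cleanup", False, "policy: no network")
    append_row(log, "calendar.create", "bob@example.com", "Sync", True, "local")
    return log
```

A chain like this detects edits, reordering and removal of rows in the middle, but not removal of the newest rows unless the latest hash is also recorded somewhere outside the log.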
Murmly's architecture is built toward the controls these frameworks require. We're actively pursuing formal attestations as we scale.
We take security reports seriously and respond quickly. Disclose responsibly and we'll work with you on a fix.