Security

Architecture-based security. Not policy-based promises.

DocFort's security posture is defined by what doesn't exist — no servers, no databases, no APIs. You can't breach what isn't there.

Trust Posture

No servers

DocFort has no backend servers. Your data lives on your device and optionally in your iCloud account. There is no DocFort database to breach.

On-device processing

OCR runs locally via Apple Vision on your iPhone or iPad. Document images never leave your phone. No data is transmitted to any server during scanning.

2 sub-processors

Apple CloudKit (sync) and Apple StoreKit (payments). That’s the complete list. No analytics SDKs, no crash reporters, no third-party data processors.

Image destruction

Source images are permanently destroyed at the point of metadata extraction. No recovery is possible. The only data retained is extracted text (names, dates, numbers).

What We Don't Have

The following components do not exist in DocFort's architecture. They cannot be compromised because they were never built:

No user database
No analytics pipeline
No crash reporting SDKs
No third-party SDKs of any kind
No server-side storage
No API endpoints
No cookies or tracking pixels
No advertising identifiers

Encryption

At rest

iOS Data Protection encrypts on-device data. Access requires a passcode or biometric.

In transit

CloudKit uses end-to-end encryption with per-user keys managed by Apple. We cannot read your synced data.

Team Data Boundaries

In Team plans, admins see compliance status (current, expiring, expired) — never the document itself. Each employee's scanned data stays on their own device. The admin dashboard shows aggregated status, not source material.

Compliance Roadmap

DocFort has not yet undergone a SOC 2 audit. We have mapped our controls against SOC 2 Type II trust service criteria:

| Criteria | Status |
|---|---|
| CC6.1 — Logical access controls | Met |
| CC6.6 — System boundaries | Met |
| CC6.7 — Data in transit | Met |
| CC6.8 — Unauthorized access prevention | Met |
| CC7.2 — System monitoring | In Progress |
| CC8.1 — Change management | Planned |
| A1.2 — Recovery objectives | Met |
| C1.1 — Confidential data protection | Met |
| PI1.1 — Processing integrity | Met |

Responsible Disclosure

If you discover a security vulnerability, please report it to us. We will acknowledge your report within 48 hours and work to resolve the issue promptly.

Contact & Resources

For security inquiries or to report a vulnerability: .