Trust boundaries

Security model

MultiGrid separates local application data, operating-system credentials, upstream providers and optional hosted services. Local-first does not mean every request remains on-device: cloud model requests are sent to the provider you select.

Credentials

The native Tauri shell stores provider keys and hosted session tokens through Windows Credential Manager, macOS Keychain or Linux Secret Service. Secrets are supplied only to the loopback gateway process and should never enter SQLite, logs or API responses.

Local data

Conversations, routes, analytics, agents, memory, tasks and execution records are persisted locally in SQLite. Anyone with access to the local operating-system account or an unencrypted device backup may be able to read that database.

Network exposure

The development gateway binds to loopback by default. A local gateway API key can protect compatible clients. Optional hosted inference requires a MultiGrid application key or user session and is distinct from private desktop administration endpoints.

Third-party providers

When you select a cloud model, prompts and related content are processed under that provider’s terms and privacy practices. Review model-specific data-use disclosures before sending sensitive information.

Report a vulnerability

Do not open a public issue for a vulnerability. Email security@multigrid.ai with reproduction steps, impact and affected versions. Do not include active credentials or unnecessary personal data.