Security and Data

How Tuish protects your data and your customers' data

Tuish is designed with privacy and security as core principles. This page explains our approach.

Design Philosophy

Offline-First = Privacy-First

Traditional licensing requires "phone home" checks:

❌ Traditional: App ──▶ Server (every run) ──▶ Track user

Tuish uses cryptographic verification:

✅ Tuish: App ──▶ Local verification (no network)

This means:

  • No per-run tracking: verification happens on the user's machine, so Tuish never sees when your app starts (the only scheduled network contact is the 24-hour cache refresh described under Data Flow)
  • No dependency on Tuish servers being online
  • No data collection from end users beyond the license key and machine fingerprint sent in that refresh

What Data We Collect

Developer Data (You)

Data                Purpose               Storage
Email address       Account management    Cloudflare D1
Stripe account ID   Payment processing    Cloudflare D1
Product details     License generation    Cloudflare D1
API usage metrics   Service improvement   Aggregated only

End User Data (Your Customers)

Data                  Purpose           Storage
License key           Verification      User's machine (~/.tuish/), plus the server-side license record consulted by the 24-hour cache refresh
Machine fingerprint   Machine binding   In the license token on the user's machine; sent to the API only during the cache refresh

We do not collect:

  • Personal information from end users
  • Usage telemetry
  • IP addresses, beyond the standard server logs (kept 30 days; see Data Retention)
  • Behavioral data

Data Flow

License Issuance

1. Customer pays (Stripe handles card data)
2. Tuish generates license token
3. Token sent to customer's machine
4. Token stored locally (~/.tuish/)
5. No ongoing data collection beyond the cache refresh described below

License Verification

1. App loads license from disk
2. App verifies signature locally
3. No network call for this check
4. No data sent anywhere; the only scheduled contact with Tuish is the cache refresh below

Cache Refresh (Every 24h)

1. Once every 24 hours the SDK sends the license key and machine fingerprint to the Tuish API
2. The API checks the license record and returns a validity status, which the SDK caches locally
3. Nothing else is transmitted: no usage data, no personal information
4. If the API is unreachable, local signature verification still decides whether the app runs, so a Tuish outage does not lock out existing licenses
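The refresh logic above, written out as an added example rather than the Tuish SDK's own code. It shows that the only fields leaving the machine are the license key and fingerprint, and that a dead API leaves the last known status in place. The cache shape, the request body and the synchronous callApi hook are assumptions; a real transport would be async and the cache would live under ~/.tuish/.

```javascript
// Added example, not Tuish SDK code: the 24-hour cache refresh with an
// injectable clock and API call so every path runs offline.
const REFRESH_INTERVAL_MS = 24 * 60 * 60 * 1000;

// cache: null on first run, else { status, checkedAt } from a previous refresh.
// callApi: (body) => ({ status }); throws on network failure. (Assumed shape.)
function refreshIfStale(cache, { licenseKey, fingerprint, now, callApi }) {
  if (cache && now - cache.checkedAt < REFRESH_INTERVAL_MS) {
    return { cache, contacted: false };                        // fresh enough: stay offline
  }
  try {
    const { status } = callApi({ licenseKey, fingerprint });   // nothing else is sent
    return { cache: { status, checkedAt: now }, contacted: true };
  } catch (err) {
    // Server down or no network: keep the previous answer instead of failing closed.
    // The signed-token check (License Verification above) still gates the app.
    return { cache, contacted: true, error: err.message };
  }
}

// Constructed scenario: first run, a run an hour later, a run 25 hours later with the API down.
function runScenario() {
  const bodiesSent = [];
  const liveApi = (body) => { bodiesSent.push(Object.keys(body).sort()); return { status: 'valid' }; };
  const deadApi = () => { throw new Error('ECONNREFUSED'); };
  const t0 = Date.UTC(2025, 0, 1);
  const creds = { licenseKey: 'TUISH-DEMO-0001', fingerprint: 'a'.repeat(64) }; // constructed

  const first = refreshIfStale(null, { ...creds, now: t0, callApi: liveApi });
  const second = refreshIfStale(first.cache, { ...creds, now: t0 + 3_600_000, callApi: liveApi });
  const third = refreshIfStale(second.cache, { ...creds, now: t0 + 25 * 3_600_000, callApi: deadApi });

  return {
    firstContacted: first.contacted,     // true: no cache yet
    secondContacted: second.contacted,   // false: served from cache
    thirdContacted: third.contacted,     // true: cache older than 24h, refresh attempted
    thirdStatus: third.cache.status,     // 'valid': last known status retained
    thirdError: third.error,             // 'ECONNREFUSED'
    fieldsSent: bodiesSent[0],           // ['fingerprint', 'licenseKey']
    apiCalls: bodiesSent.length,         // 1
  };
}
```

Keeping the stale status on failure is a deliberate availability choice; if you need revocation to take effect promptly, bound how long a stale entry may be used and fall back to the signed token's own expiry after that.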

Security Measures

Cryptographic Security

Component              Algorithm                  Purpose
License signing        Ed25519                    Tamper-evident, unforgeable licenses
API key hashing        SHA-256                    Developer authentication (keys stored only as digests)
API keys               Cryptographically random   Authentication
Machine fingerprints   SHA-256                    Machine binding

Infrastructure Security

Component   Provider             Security
API         Cloudflare Workers   Edge computing, DDoS protection
Database    Cloudflare D1        Encrypted at rest
Secrets     Cloudflare Secrets   Encrypted storage
DNS         Cloudflare           DNSSEC

API Security

Measure            Implementation
Transport          TLS 1.3 only
Authentication     API keys + rate limiting
CORS               Strict origin policy
Input validation   All endpoints validated

Threat Model

What We Protect Against

Threat              Protection
License forgery     Ed25519 signatures; only the holder of the private key can produce a valid token
License tampering   Signature verification fails on any modified byte of the token
License sharing     Machine binding; the fingerprint inside the token must match the machine running the app
Replay attacks      Machine fingerprint binding + expiration timestamps
Man-in-the-middle   TLS on the API; the signature check rejects a modified token even if transport protection failed
Server compromise   Offline verification keeps working, so a Tuish outage or compromise does not lock out existing licenses

What We Don't Protect Against

Threat               Reality
Binary patching      A determined user can patch the verification call, or the embedded public key, out of the app
Clock manipulation   Users can set the system clock back, so expiry checks can be defeated offline
Key extraction       The public key is extractable by design; on its own that gives an attacker nothing, since signing needs the private key, but it can be located and swapped for an attacker's key by patching (see above)

Tuish provides "honest user" protection, which is sufficient for most commercial software. For high-security needs, consider additional measures such as enforcing critical functionality server-side.

Machine Fingerprinting

Machine fingerprints bind licenses to specific devices:

fingerprint = SHA256(hostname + username + platform + arch)

Privacy Considerations

  • Fingerprint is a one-way hash; it cannot be inverted to recover the hostname or username directly
  • Its inputs are low-entropy, so anyone holding a fingerprint and a guess at the hostname and username can confirm a match by recomputing the hash; treat it as a pseudonymous identifier rather than anonymous data
  • Stored in the license token on the user's machine
  • Sent to the Tuish API only during the 24-hour cache refresh, not on every verification

Stability

The fingerprint is stable across:

  • ✅ Reboots
  • ✅ App updates
  • ✅ Minor OS updates

May change on:

  • ⚠️ Username change
  • ⚠️ Hostname change
  • ⚠️ Major OS reinstall

OTP Security

Terminal purchase uses SMS OTP:

Measure              Purpose
5-minute expiry      Limits the attack window
Single use           Prevents replay
Rate limiting        Prevents brute force of the code
Phone verification   Proves control of the phone number

Limitations

SMS OTP is not perfect:

  • SIM swapping attacks exist
  • SMS can be intercepted

For the threat model of CLI licensing, SMS OTP provides reasonable security. For higher-security needs, browser checkout with Stripe's 3DS is available.

Data Retention

Data                 Retention
Developer accounts   Until deletion is requested
License records      Until the product is deleted
API logs             30 days
Error logs           7 days

Data Deletion

Developers can:

  • Delete their account via CLI or dashboard
  • All associated data is removed within 30 days

End users can:

  • Delete local license files (~/.tuish/)
  • There is no per-user server-side data to delete beyond the license record, which belongs to the developer's product and is removed when that product is deleted (see Data Retention)

Compliance

GDPR

  • Minimal data collection
  • Clear consent for data processing
  • Data portability (export via API)
  • Right to deletion

PCI DSS

  • Tuish never handles card data
  • All payments through Stripe
  • Stripe handles PCI compliance

Security Reporting

Found a security issue? Contact us:

We do not currently have a bug bounty program, but we appreciate responsible disclosure.