Security
We don't ask you to trust us. We let you verify.
Maho's security story isn't a marketing badge. It's an architecture you can verify, network behavior you can observe, and a team you can reach. Each section below is something you can check yourself.
Audit status
Audit status
External audit: not currently contracted. Our security architecture is independently verifiable through network behavior, published design documents, and direct contact with the developer.
If and when an external audit engagement is opened, this section will be updated with the vendor, scope, and findings. We will publish any report whether the findings are flattering or not.
Architecture
Three design choices do most of the work.
E2E
End-to-end-encrypted sync
The Maho sync relay holds ciphertext only. Plaintext exists on your devices. The keys live on your devices. If someone breached the relay tomorrow, they'd hold a pile of bytes they cannot read.
Zero-knowledge
Zero-knowledge by construction
We can't decrypt your sync data because we don't have the keys. This is a structural property of the protocol, not a policy promise. The audit checks that the structure actually holds.
BYOK
Bring your own key by default
For AI features, you supply the LLM provider key. Your prompts go from your device to the provider you chose. Maho is not in the middle, and we don't see what you ask, write, or read.
How to verify
- Observe network behavior. Open Activity Monitor on macOS (or Wireshark), and confirm Maho does not transmit browsing data or email content in normal use.
- Read the published architecture docs. Our sync encryption design and zero-knowledge protocol are documented at /blog/sync-architecture-end-to-end.
- Contact the developer directly. Maho is built by an individual developer — email [email protected] with specific questions about security design decisions.
- Run your own relay. Self-hosting instructions live in the relay README, letting you control the entire sync path.
A note on trust
Many AI products in this category score below 2.0 / 5.0 on third-party review sites. The recurring complaints are unexpected charges, hard-to-find cancel buttons, and vague answers about where data goes.
Our response isn't to ask you to trust us harder. It's to put the architecture, the billing flow, and the audit on this page so you can check the answers yourself. See also the pricing page.
Security contact
Vulnerability reports: [email protected]. General questions: [email protected].