StyleOCR

Security Architecture

How StyleOCR keeps documents on your device and when optional local services run.

StyleOCR security architecture

StyleOCR is a desktop OCR application (Tauri-based) built around on-device recognition. The product goal is simple: your files are processed where you can see them—on your computer—without routing document content through StyleOCR-operated cloud OCR APIs.

Document scope

This page describes the intended design of the shipping app. Exact sandboxing, entitlements, and network rules can vary by platform build (for example macOS vs Windows) and release channel. When in doubt, inspect the privacy policy packaged with your build.

Trust boundaries

BoundaryWhat it protectsTypical controls
T1 · You ↔ StyleOCRUI actions, file pickers, clipboardOS user session; app code signing / notarization where applicable
T2 · StyleOCR ↔ files you chooseSource images & PDFs, exported documentsExplicit user selection; path access limited to what the OS grants the app
T3 · StyleOCR ↔ local servicesMCP HTTP on localhostLoopback-only listener; treat endpoint URL as sensitive on shared machines; no WAN exposure by default
T4 · StyleOCR ↔ the internetModel downloads, app updates, billingHTTPS to vendor CDNs or storefront APIs; only triggered by user-initiated installs, updates, or purchases

There is no trust boundary for “StyleOCR ↔ your mailbox” because the app is not an email client.

Architecture overview

Model downloads

Vision weights ship separately from the thin installer. When you install or switch a model, the app fetches bytes over HTTPS, verifies integrity where a manifest is provided, and stores files under application data directories on your machine. There is no design goal of uploading your corpus to StyleOCR for training from this workflow.

MCP server

The optional MCP listener lets compatible assistants talk to StyleOCR on localhost only. Enable it deliberately, restart after port changes, and avoid exposing the URL on shared computers.

Data handling summary

Data classTypical storageNotes
Task metadata & progressLocal database in app support folderDescribes jobs you created; not a cloud sync service
OCR / VLM outputDerived files you export or downloadYou control where they are saved
Model binariesCached under app-managed directoriesDelete from Settings if you need space
Billing tokensHandled by the storefront SDKSubject to Apple / Microsoft / Stripe policies for that build

Sensitive content in your source documents (PII, financial, health) should be handled according to your policies—StyleOCR does not need account passwords for third-party mail servers because it never connects to them.

Secure engineering practices (high level)

ThemeStyleOCR approach
Minimize dataNo central repository of user documents operated by the OCR feature set
Validate inputsFile-type checks, size limits, and safe parsing pipelines for images/PDFs
Supply chainSigned releases; dependency pinning in the engineering repo
Local attack surfaceMCP bound to loopback; disable the server when not needed on shared laptops

Frequently asked questions

Does StyleOCR upload my PDFs to the cloud for OCR?

The core pipeline is on-device. Network use is mainly for model downloads, app updates, and store billing when you use those features—not for routing every page through a project-operated cloud OCR API. Refer to your build’s privacy policy for any analytics or crash reporting details.

Can other people on my Wi-Fi call my MCP server?

By default the MCP listener is on localhost only. Remote access would require explicit OS-level tunneling or misconfiguration outside the app’s normal settings.

Is SQLCipher used for email storage?

No. Legacy documentation that mentioned IMAP / SQLCipher for mail described a different product shape. StyleOCR stores task state locally; it does not implement a mailbox sync engine.


For legal commitments about data, follow the Privacy Policy published on the StyleOCR website for your locale.