Your schedule data never leaves
your machine. That's the design.
SSIM Toolkit is a local desktop app. Commercial schedule data — the kind that makes a CISO read the policy before the product page — is read and analysed on-device, and stays there. There is no cloud to send it to.
Where the data goes.
And where it doesn't.
Your schedule files stay where you put them — on your machine. They're opened, parsed, and analysed locally and never uploaded. We have no server that could read them, because there is no server in the path.
Parse → validate → analyse runs entirely on-device, with no network access. The result is deterministic: the same file always produces the same answer, and every output traces back to a field in the spec — no model computes your numbers.
your file (on your machine) ↓ parse · validate · analyse — fully offline typed, queryable schedule (stays on your machine)
The app may reach the network for two things only: verifying your licence and checking for updates. Neither carries any of your schedule content. You can run the product fully offline within your licence's grace period.
- · Your schedule file contents · ever.
- · The parsed records, or any personal data inside them.
- · Your saved queries, bookmarks, or in-app notes.
- · Anything tying telemetry back to your data.
Local-first, by construction.
Your data, on your machine
Schedule files are read, parsed, and analysed entirely on-device. Nothing about your schedules is uploaded, mirrored, or processed on our servers.
The pipeline makes no network calls
Parse → validate → analyse runs fully offline. You can pull the network cable and the product keeps working on the files you have.
Deterministic by construction
Same file in, same answer out. There is no model, no sampling, no guessing — every field is derived from the spec, and runs are reproducible.
Licensing & updates carry no schedule data
Activation and update checks may touch the network, but they send none of your file contents — only what's needed to verify a licence or fetch a release.
No schedule content in telemetry
Optional usage telemetry is anonymous and aggregate. It never contains file contents, parsed records, paths, or anything that identifies your data.
AI access is read-only & on-device
The optional MCP server that lets an AI assistant query your schedule runs locally over a private socket and is strictly read-only — it can explore, never modify — and exposes only schedule/domain information, never internal detail or host paths.
Code-signing
macOS notarization and Windows code-signing are being set up so the installer verifies cleanly on each platform.
Reporting a vulnerability
Email security@activeflights.com. We respond within 24 hours, run a 90-day disclosure window, and credit researchers who report responsibly. PGP key on the contact page.