Security & privacy

Watchword is built privacy-first. Here's exactly what data exists, where it stays, and the guarantees that keep one client's information out of another's — and keep passwords and PII out of everything.

1 · Local-first by default

By default, Watchword runs entirely in your browser. The training library, the simulator, scoring, and the MSP console make no network calls and require no account. Your data lives in browser localStorage on your device. Nothing leaves your machine unless you sign in and explicitly sync or publish.

2 · Boolean-only captures (no passwords, ever)

When the simulator models a recipient "submitting" the fake form, it records only that data was entered — never the password, never its value, never even its length. There is no field anywhere that stores a typed credential. This "captures are boolean" rule is a hard design constraint, asserted by the project's verify suite.

This is a real differentiator: many tools log what users type. Watchword can prove a person fell for a lure without ever holding their password.

3 · Tenant isolation & no cross-tenant PII

For MSPs, strict client isolation is enforced at multiple layers:

Active client's data is the only data in play
  How it holds: Switching clients swaps each client's roster, campaigns, assignments, and progress in and out. One client's data is never visible while another is active.

The cross-client board never merges data
  How it holds: Each board row is computed from a defensive copy of that client's own slice — never a merge, never the active working state.

You can't reach a tenant outside your subtree
  How it holds: An authorization gate refuses any tenant that isn't your MSP root or a direct client child — it throws rather than returning data.

The board exposes aggregates only
  How it holds: Counts and risk bands cross tenant boundaries — recipient-level events, emails, and captures never do.

The cloud mirrors the boundary
  How it holds: Each client syncs under its own scoped store key; Keystone derives the tenant from your verified session server-side. The client never asserts a tenant id — there is no header the browser client could set to act as another tenant.
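As an added illustration (not Watchword's own code), here is a sketch in JavaScript of the two browser-side guarantees above: a subtree gate that throws for any tenant outside the caller's MSP root and its direct clients, and a board row built from a defensive copy that returns aggregates only. The tenant shapes, the phish-prone formula and the risk-band thresholds are assumptions.

```javascript
// Constructed sample: an MSP root with two direct clients. Each client slice
// holds recipient-level data (emails, boolean captures) that must never
// appear in a cross-client board row.
const SAMPLE_TENANTS = {
  "msp-root": { parent: null, children: ["client-a", "client-b"] },
  "client-a": {
    parent: "msp-root",
    roster: [{ email: "alice@example.com" }, { email: "bob@example.com" }],
    campaigns: [{ id: "c1", sent: 2 }],
    // captures are boolean: only "was data entered", never what was typed
    captures: [{ recipient: "alice@example.com", campaign: "c1", submitted: true }],
  },
  "client-b": { parent: "msp-root", roster: [], campaigns: [], captures: [] },
  "other-msp": { parent: null, children: [] },
};

// Authorization gate: the session's root tenant and its direct client
// children are the only reachable tenants; anything else throws rather
// than returning data.
function assertInSubtree(session, tenantId, tenants = SAMPLE_TENANTS) {
  const root = tenants[session.rootTenant];
  const isChild = Boolean(root && Array.isArray(root.children) &&
    root.children.includes(tenantId));
  if (tenantId !== session.rootTenant && !isChild) {
    throw new Error(`tenant ${tenantId} is outside your subtree`);
  }
  return tenants[tenantId];
}

// Board row: computed from a deep copy of the client's own slice (never the
// active working state) and exposing counts and a risk band only.
// The phish-prone formula and band thresholds are assumed for illustration.
function boardRow(session, tenantId, tenants = SAMPLE_TENANTS) {
  const slice = JSON.parse(JSON.stringify(assertInSubtree(session, tenantId, tenants)));
  const sent = slice.campaigns.reduce((n, c) => n + c.sent, 0);
  const submitted = slice.captures.filter((c) => c.submitted === true).length;
  const phishProne = sent ? Math.round((100 * submitted) / sent) : 0;
  const riskBand = phishProne >= 30 ? "high" : phishProne >= 10 ? "medium" : "low";
  return { tenant: tenantId, recipients: slice.roster.length,
           campaigns: slice.campaigns.length, sent, submitted, phishProne, riskBand };
}

// Cross-client board: one aggregate row per reachable client, never a merge
// of the underlying slices.
function crossClientBoard(session, tenants = SAMPLE_TENANTS) {
  return tenants[session.rootTenant].children.map((id) => boardRow(session, id, tenants));
}
```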

4 · Domain authorization (anti-abuse)

Watchword refuses to send a simulated phish to any domain that hasn't been proven to belong to the tenant. The gate uses per-tenant, scoped, rotating tokens bound to a single verified domain, replacing the old static-allowlist-header pattern, which was effectively a standing inbox-injection backdoor. Full details are in Sending safely.

5 · BYO-key AI & the abuse fence

Bringing your own AI key and the abuse fence together keep the AI a simulation aid, never a weapon. See AI-generated lures.

6 · PII-free cloud & evidence payloads

Everything that can leave your browser is PII-free by construction:

Cloud sync summary
  Contains: Completion %, course-completion records, campaign phish-prone stats, per-tenant id.
  Never contains: Learner emails, captured submissions, AI keys.

Evidence object (published or exported JSON)
  Contains: Control state, framework references, aggregate counts (completion %, courses done, campaigns run, phish-prone, open/overdue assignments).
  Never contains: Learner emails, captured data — marked pii: "excluded".

Live-send payload
  Contains: The simulated lure subject and a campaign reference.
  Never contains: Passwords, captured data, secrets.

The bridge that feeds the cloud module simply has no getter for emails, captures, or keys, so that data cannot reach the sync or publish calls at all.

A note on CSV exports. The browser-only CSV exports under Program → Reports & exports (completion, campaign, risk) do include roster names/emails for your auditor packs — but they download to your machine and are never uploaded. Only the cloud sync and the published/exported evidence object are PII-free. Handle exported CSVs per your own data policy.

7 · Quick reference: what leaves your machine

Taking a course, running a sim, viewing analytics, switching clients
  Leaves your machine? No — fully local.

Downloading a CSV / JSON export
  Leaves your machine? No — saved to your device.

Signing in
  Leaves your machine? Yes — authenticates with your DosanjhLabs account.

Cloud sync up/down
  Leaves your machine? Yes — PII-free summary only.

Publish evidence
  Leaves your machine? Yes — PII-free evidence object.

DNS-TXT verify
  Leaves your machine? Yes — a DNS lookup of your verification host.

Live send
  Leaves your machine? Yes — PII-free lure payload to cleared recipients only.

AI generation
  Leaves your machine? Yes — but directly to your LLM provider, not through us.