Ilvarion processes all data locally on your device. We do not collect personal data. We do not operate servers that receive your data. We have no analytics, no telemetry, and no user accounts.
Ilvarion is a local network proxy that scans AI API traffic for prompt injection attacks. It intercepts HTTPS connections to a specific set of AI API domains (listed below), decrypts them using a locally-generated certificate authority, inspects the request content for injection patterns, and forwards the request to the intended destination.
##Intercepted domains
Ilvarion only intercepts traffic to these specific domains. All other network traffic is completely untouched and never passes through Ilvarion:
Organizations using MDM can add additional domains via managed app configuration.
##Network connections made by Ilvarion
Ilvarion makes the following network connections. There are no other outbound connections.1. Forwarding your AI API requests to their intended destination (the core function of the proxy). Request content may be modified if a prompt injection is detected.2. Checking for software updates via an appcast.xml file hosted on ilvarion.com. This check transmits the current app version, macOS version, CPU architecture, and preferred language. No personal data, API keys, or request content is included.3. If and only if an organization's IT administrator has configured a SIEM webhook URL via MDM (managed app configuration), scan event metadata (timestamp, target host, pattern matched, severity) is sent to that organization-controlled endpoint. This is never enabled by default and cannot be configured by the user — only by MDM.
##Data stored locally
The following data is stored on your device at ~/Library/Application Support/com.ilvarion.Ilvarion/:- Scan logs: timestamp, source (api-proxy or mcp-proxy), target host, whether an injection was detected, match count, matched pattern IDs, severity, and request size in bytes. No request body content is stored. Logs are automatically deleted after 30 days.- Daily aggregate statistics: date, total requests scanned, total injections blocked. Retained for 365 days.- CA certificate (public): stored as a PEM file. This is not sensitive.- CA private key: stored in the macOS Keychain (encrypted at rest), protected by kSecAttrAccessibleWhenUnlockedThisDeviceOnly. The private key is never written to disk in plaintext after initial generation.- User preferences: proxy port, notification settings, launch-at-login preference. Stored via macOS UserDefaults.
##Data we collect
We do not collect personal data. Ilvarion has no user accounts, no analytics, no crash reporting, and no usage telemetry. The only network connections Ilvarion initiates are those listed in the "Network connections" section above.
##Data we share
We do not share data. The SIEM webhook feature (enterprise only, MDM-configured) sends scan event metadata to infrastructure controlled by the organization's IT administrator, not to Ilvarion or any third party.
##Detection method
Ilvarion uses deterministic regex pattern matching and heuristic scoring to detect prompt injections. No AI or machine learning model is used for detection. No request content is sent to any external service for analysis.
##Certificate authority
Ilvarion generates a local root CA certificate on your device during setup. This certificate is used solely to decrypt AI API traffic for inspection. The private key never leaves your device. You can remove the CA at any time via the app's settings, which also removes it from the macOS trust store.
##Auditing
Enterprise customers can request a full source code audit. Contact us for details.