Neekware Inc. Security Policy
Last Updated: 2026-03-01
1. Introduction
Neekware Inc. is committed to protecting the security, integrity, and availability of our systems and our users’ data. This Security Policy describes the technical and organizational measures used to protect ehAye™ Engine and related services.
2. Local-First Architecture
ehAye™ Engine operates under a local-first security model:
- All processing occurs on your device
- Your projects, files, and content remain local
- No cloud storage of user content is required
- Network communication is limited to licensing, authentication, and optional telemetry
This structure materially reduces exposure to centralized data breaches.
3. Data Protection Scope
3.1 Data in Transit
All communications between ehAye™ Engine and Neekware Inc. infrastructure are encrypted using industry-standard TLS protections, including:
- License activation and verification
- Account authentication
- Optional crash diagnostics and telemetry
3.2 Local Data Storage
ehAye™ Engine stores the following locally on your device only:
- Streaming credentials and API keys
- Project files and generated content
- Application configuration and preferences
User Responsibility: Because data is stored locally, you remain responsible for:
- Device-level security controls
- Secure backups
- Protection of local credentials
4. Authentication and Access Control
- Industry-standard OAuth-based authentication
- Secure session management
- Passwords are not stored by Neekware Inc.
- Identity provider security controls govern login protection
5. Vulnerability Reporting and Responsible Disclosure
We support responsible security research and coordinated disclosure practices.
Reporting Process
Security issues should be reported to security@neekware.com with:
- Description of the vulnerability
- Reproduction steps
- Supporting logs or proof of concept
- Potential impact analysis
- Researcher contact information
Good faith security research will not result in legal action.
6. Internal Security Practices
6.1 Development Controls
- Secure coding standards
- Regular dependency vulnerability scanning
- Security-focused code reviews
6.2 Infrastructure Controls
- Active monitoring of licensing infrastructure
- Regular patching and update cycles
- Minimal exposed network surface
6.3 Data Minimization
- Email for authentication
- License verification metadata
- Optional anonymized diagnostics, only by user opt-in
7. AI Agent (Dojo) Execution Model
ehAye™ Engine includes an AI coding agent ("Dojo") that can perform actions on your local system, including:
- Executing shell commands and scripts
- Reading, creating, modifying, and deleting files
- Writing to terminal sessions (PTY)
- Installing packages and dependencies
- Making network requests via tools and MCP integrations
AI output is inherently unpredictable. Dojo relays instructions from third-party LLM providers that Neekware Inc. does not control, host, or monitor. AI-generated output may contain errors, hallucinations, security vulnerabilities, intellectual property infringement, open-source license contamination, personally identifiable information, or unintended behaviors. AI-generated actions may be unexpected, incorrect, or destructive.
Permission controls:
- ehAye™ Engine provides configurable permission modes that allow you to control what actions the AI agent can perform, such as file modifications, command execution, and network access
- You are responsible for configuring permission levels appropriate to your security requirements
Security boundaries:
- Dojo operates with the same permissions as your user account
- No sandboxing or privilege escalation is applied beyond OS-level permissions
- All actions are initiated through user interaction (no autonomous background execution without the user triggering a session)
Your responsibility:
- Review all AI-suggested actions before allowing execution
- Configure permission levels appropriate to your security requirements
- Maintain backups of critical files and data
- Understand that AI-generated commands carry the same risk as manually entered commands
- Configure appropriate OS-level permissions and access controls
- Ensure that AI-generated output does not infringe intellectual property or introduce copyleft-licensed code into your projects
8. Third-Party Integrations
ehAye™ Engine supports external integrations, including:
- LLM providers (Anthropic, Google, OpenAI, and others) via bring-your-own-key or Neekware-provided LLM access plans
- MCP-based tool integrations
- Telegram Bot API for session notifications
- Stream providers
When using third-party services:
- All credentials (API keys, bot tokens, chat IDs) are stored locally only
- Neekware Inc. has no access to external credentials or traffic when you use your own API keys
- When using a Neekware-provided LLM access plan, request metadata may be processed for billing, but prompt and response content is not logged or stored
- External data is governed by third-party privacy and security policies
- Users are solely responsible for third-party security compliance
Telegram integration: The application makes its best effort to restrict Telegram connections to private groups and private accounts only. However, Neekware Inc. cannot guarantee the privacy of any Telegram chat or group you configure.
9. User Security Responsibilities
Users are expected to:
- Maintain strong authentication credentials
- Enable two-factor authentication with identity providers
- Keep operating systems and software updated
- Protect license keys and streaming credentials
- Avoid unauthorized sharing of access
- Immediately report suspected compromise
10. Incident Response
If a verified security incident occurs:
- We will investigate and contain the issue
- Impacted users will be notified when legally required
- Regulatory notification will be made where applicable
- Remediation steps will be implemented promptly
11. Beta Software and Developer Tool Notice
ehAye™ Engine is a developer productivity and experimentation tool intended for human-supervised workflows and not for production use. It is currently distributed as beta software. While security best practices are enforced, users acknowledge that undiscovered vulnerabilities may exist during active development.
The software is not designed, tested, or intended for production infrastructure, mission-critical systems, safety-critical environments, or unattended operation.
12. Policy Updates
This Security Policy may be updated periodically. The Last Updated date reflects the most recent revision. Continued use of the Services constitutes acceptance of the updated policy.
13. Governing Law and Venue
These Terms are governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles. Exclusive jurisdiction and venue shall reside in the courts located in Waterloo, Ontario, Canada.
The English version of this document is the only legally binding version. Any translations may be AI-generated, may contain inaccuracies, and are provided solely for convenience.
14. Related Legal Documents
- Terms of Service: https://neekware.com/terms.html
- Privacy Policy: https://neekware.com/privacy.html
- Beta License: https://neekware.com/license.html
15. Contact Information
Security Contact
Email: security@neekware.com
Corporate Address
Neekware Inc.
133 Weber St. N. Suite 3-204
Waterloo, ON N2J 3G9
Canada
Legal Contact
Email: legal@neekware.com