Security

This page explains the security approach for Sam Central: how data is protected on-device, how optional sync works, and what happens when you use Sana (the AI assistant).

Last updated: 2026-01-16

Transport security

Network traffic between the app/website and services is sent over HTTPS (TLS).

On-device storage

By default, Sam Central stores your tracking data locally using Apple Core Data (SQLite). Your device’s built-in security features (device passcode, Secure Enclave, OS-level data protection) help protect this data.

iCloud sync (optional)

If you enable iCloud sync, Sam Central uses Apple CloudKit to sync your database across devices signed in to the same Apple ID. Apple manages the underlying security controls for iCloud/CloudKit.

Sana (AI assistant) security

  • Ephemeral networking: the app uses an ephemeral URL session for Sana requests (reducing local caching).
  • Access tokens: premium access is gated by short-lived tokens stored in the iOS Keychain.
  • Third-party processing: when Sana is enabled, requests are processed via a Cloudflare Worker and the OpenAI API. See the Privacy Policy for details on what data may be sent.

Responsible disclosure

If you believe you’ve found a security issue, please report it to hamzeh@alumni.harvard.edu with steps to reproduce. Please do not publicly disclose until we’ve had a chance to investigate.