Scalisos LabsJITTER
Active
Protocol:Active
Connection:Isolated
Encryption:HMAC-SHA256
Zero-Server Architecture Active
Privacy Manifesto — Scalisos Labs

Your Intent
is Your Own.

At Scalisos Labs, we don't just protect data — we ensure it never exists on our servers. JITTER is built on a Zero-Server Architecture. Your biometric signal is measured, sealed, and destroyed entirely within your own machine.

01 — The Anatomy of Local Integrity

Three steps. One machine.
Zero servers.

The entire verification lifecycle — from first keystroke to cryptographic seal — is completed within your browser. The wall is structural. No bypass exists.

USER DEVICE — LOCAL ENVIRONMENTSTEP 01Local InputKeystroke events captured — timing onlytiming data onlySTEP 02JITTER EngineCV · CPP · PD — browser-native computationV_bio scoreSTEP 03HMAC Cryptographic SealSession-unique · tamper-evident · local keyσOUTPUT SCORE0.847verified human · nothing else transmittedTHE WALLBARRIERPUBLIC NETWORK — EXTERNALPUBLIC INTERNET● ISOLATEDNo inbound / no outboundBLOCKEDNo raw keystrokes, content, or biometric data ever leave your local environment.
02 — Data Integrity Guarantee
SCALISOS LABS — ARCHITECTURAL COMMITMENTJITTER-HVP v1.0 · Effective from first deployment · Non-negotiable
§ I.
GDPR / CCPA / ISO 27001

GDPR Compliance — Article 25

Privacy by Design and by Default

The JITTER-HVP architecture was designed from first principles to be compliant with GDPR Article 25. No consent banner is required because no personal data is processed. The measurement is of behaviour, not identity. No data subject exists. No data controller is required.

§ II.
BINDING — No Exceptions

No Data Monetization

Absolute Prohibition on Commercial Use of Biometric Signal

Scalisos Labs does not sell, license, share, or derive commercial value from any biometric signal generated by JITTER-HVP. The signal is ephemeral, session-bound, and cryptographically destroyed at tab close. No derivative dataset is created. No inference model is trained. This is architectural, not policy.

§ III.
HMAC-SHA256 — Tamper-Evident

Cryptographic Proof of Work

The Score is a Receipt, Not a Report

The HMAC-SHA256 seal binds the verification score to a session-unique key derived from the browser's native Crypto.subtle API. The seal cannot be replicated across sessions, transferred to another context, or forged. The score is not an opinion. It is a mathematical proof.

Issued by Scalisos Labs · Digital Integrity Research Unit · 2026
Architectural Guarantee — In Force

"The right to write privately
is the right to think freely."

Scalisos Labs — Privacy Manifesto, 2026