Privacy and security by default
Collect only what you need, prefer on-device processing, and require opt-in for non-essential data. Store secrets in platform keystores, never in plaintext.
Data minimization
Collect only what is needed. Prefer on-device processing.
Consent
Opt-in for non-essential data collection. Honor "deny" gracefully — the app must remain functional.
Secure storage
Tokens and credentials MUST use platform secure storage (Keychain, EncryptedSharedPreferences, DPAPI, HttpOnly cookies).
No PII logging
Never log personally identifiable information, even at debug level.
TLS only
All network communication MUST use HTTPS.
Input sanitization
Sanitize all user input before display (prevent XSS, injection).
Each spec SHOULD include a Privacy section documenting data collected and how it is stored.
Privacy
Privacy and security must be built in from day one. Collect only what is needed. Prefer on-device processing. Opt-in for non-essential data collection. Honor "deny" gracefully — the app must remain functional. No PII in logs, even at debug level. All network communication MUST use HTTPS.
Swift
Support App Tracking Transparency, App Privacy Report, and Private Relay compatibility. Include NS*UsageDescription keys with human-readable explanations for all permission prompts.
Kotlin
Respect scoped storage, support per-app language preferences, and honor permission denials gracefully. Show rationale dialogs before runtime permission requests.
TypeScript
- Content Security Policy: Configure CSP headers to restrict script sources and prevent XSS.
- HttpOnly cookies: Use HttpOnly secure cookies for authentication tokens. Never store tokens in localStorage.
- Input sanitization: Sanitize all user input before display to prevent XSS and injection.
- TLS only: All network communication MUST use HTTPS.
- Minimize third-party scripts. Respect the Do Not Track header.
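The three TypeScript rules above (CSP header, HttpOnly cookie, output escaping) as an added, self-contained example that is not part of the original guideline; the directive set, the cookie name `session`, the Max-Age default and the nonce value are assumptions for illustration.

```typescript
// Added example, not from the guideline. Builds a nonce-based CSP header,
// a hardened Set-Cookie value for an auth token, and an HTML escaper for
// untrusted text, plus a check a reviewer can run over any Set-Cookie header.

// Assumed policy: same-origin by default, scripts only from self or with a
// per-response nonce (no 'unsafe-inline'), no plugins, no framing.
function buildCsp(nonce: string): string {
  const directives: Record<string, string[]> = {
    "default-src": ["'self'"],
    "script-src": ["'self'", `'nonce-${nonce}'`],
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
    "frame-ancestors": ["'none'"],
  };
  return Object.entries(directives)
    .map(([name, values]) => `${name} ${values.join(" ")}`)
    .join("; ");
}

// Auth token cookie: HttpOnly keeps it out of document.cookie, Secure limits
// it to HTTPS, SameSite=Strict stops cross-site sends. Cookie name and
// default lifetime are assumptions.
function sessionCookie(token: string, maxAgeSeconds = 3600): string {
  // Refuse characters that could inject extra cookie attributes or headers.
  if (!/^[A-Za-z0-9._~+/=-]+$/.test(token)) {
    throw new Error("token contains characters not allowed in a cookie value");
  }
  return `session=${token}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// True only when a Set-Cookie header carries HttpOnly, Secure and a
// restrictive SameSite attribute; useful as a test over real responses.
function hasSecureCookieFlags(setCookie: string): boolean {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  return attrs.includes("httponly") && attrs.includes("secure") &&
    attrs.some((a) => a === "samesite=strict" || a === "samesite=lax");
}

// Escape the five HTML metacharacters before placing user input in markup.
function escapeHtml(input: string): string {
  const map: Record<string, string> = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  };
  return input.replace(/[&<>"']/g, (ch) => map[ch] ?? ch);
}
```

Apply `buildCsp` as the `Content-Security-Policy` response header and `sessionCookie` as `Set-Cookie`; `escapeHtml` is for text nodes and attribute values, not for URLs or script contexts, which need context-specific encoding.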
C#
- Declare only required capabilities in Package.appxmanifest — avoid broadFileSystemAccess unless essential
- Use DPAPI for local secret storage (see secure-storage.md)
- No PII in logs, even at debug level
- Respect user consent: app must remain functional if optional data collection is denied