Your documents and analysis stay on your machine.
Every host the app contacts, and what each request sends and doesn't.
Last updated: May 2026
How your data is handled
- • Documents you load into the app never leave your machine. No cloud upload, no document content sent to any third party.
- • No telemetry, no usage analytics, no behavioral tracking from the desktop application.
- • All AI/NLP and OCR models are bundled with the installer. The app does not download additional models at runtime.
Network destinations
The app contacts two hosts. Neither one receives document content, detection results, or usage data. You can block both at the firewall and detection, anonymization, and redaction will continue to work.
api.lemonsqueezy.com
License validation
- Sends
- Your license key
- Does not send
- Document content, detection results, usage data, or any telemetry
- Frequency
- Periodic check; the app runs offline between validations with a multi-day grace period
- If blocked
- Detection and redaction keep working; you only see a prompt after the grace period expires
publicsuffix.org
Public Suffix List refresh
- Sends
- No user data. Downloads a public reference file (the same list used by every major browser and email client)
- Does not send
- Document content, your license key, or any identifying information
- Purpose
- Keeps URL and email detection accurate as new top-level domains are registered
- If blocked
- The app falls back to the snapshot bundled with the installer; detection continues to work
Code signing
Every installer we publish is code-signed and (for macOS) Apple-notarized. You can inspect the signature on the file you downloaded and compare it to what we publish here.
Windows (.msix)
- Signer
- Southwest Management Technology, LLC
- Issuer
- DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
- Root CA
- DigiCert Trusted Root G4
- Algorithm
- RSA 4096-bit, SHA-384, timestamped (DigiCert)
macOS (.dmg)
- Signer
- Developer ID Application: Southwest Management Technology, LLC
- Issuer
- Apple's Developer ID Certification Authority
- Runtime
- Hardened runtime enabled, all Mach-O binaries signed
- Notarization
- Submitted to and accepted by Apple; ticket stapled to the .dmg
On Windows, right-click the .msix and choose Properties > Digital Signatures. On macOS, run codesign --verify --deep --strict --verbose=4 PII_Anomalyzer.app followed by spctl --assess --verbose=4 PII_Anomalyzer.app.
Public commitments
We have submitted Southwest Management Technology to the CISA Secure by Design Pledge, a US government voluntary commitment to seven security goals over the next twelve months (multi-factor authentication, eliminating default passwords, reducing entire classes of vulnerability, increasing security patch installation, a published vulnerability disclosure policy, transparency about CVEs, and the ability to gather evidence of intrusions). This page will be updated with confirmation and a progress note once accepted.
Responsible disclosure
If you find a security issue in PII Anomalyzer, please email security@azdecisionscience.com.
- • We aim to acknowledge reports within 48 hours.
- • For confirmed issues, we target a patched release within 7 days, faster for high-severity findings.
Related
- Subprocessors: every third-party service we work with, and exactly what each one sees.
- Privacy Policy: what the application and this website do and do not collect.
- Contact us for procurement, compliance, or general security questions.