Security Commitment

TechUI is fully aware that, as a core fundamental component of enterprise-level systems, security and stability are non-negotiable bottom lines. We have introduced advanced Wasm (WebAssembly) protection technology to safeguard intellectual property, but we also solemnly promise: technical measures will never cross the boundaries of data privacy and system security.

The following are TechUI's four core security commitments to all users, including those using the Free and Commercial editions.

Data Privacy

This is our most core principle: TechUI only focuses on authorization status, not your business data.

• 🚫 No Reading of Business Data: The internal Wasm Guard is only used to verify License signatures, decrypt the rendering core, and detect the operating environment, such as domains or time. It absolutely will not read, store, or upload business data bound to the components.
• 🚫 No "Invisible Tracking": TechUI does not contain any hidden user behavior tracking or data back-haul code.
• 🔒 Localized Verification: For Project Licenses and Company Licenses, the authentication logic is completed entirely locally and offline, requiring no online services and physically eliminating the possibility of data leakage.
• 🌍 No HTTP Requests: The Wasm module will not send any external HTTP requests, which can be monitored via debugging tools.

Runtime Security

TechUI's core protection logic runs within a WebAssembly sandbox environment, providing you with a natural security barrier.

• Memory Safety: The Wasm module operates in an independent linear memory space and cannot directly access any memory address of the host environment (browser), eliminating the risk of memory overflow attacks.
• Restricted Permissions: The Wasm Guard strictly follows the browser's Same-Origin Policy and cannot cross domains to read your Cookies, LocalStorage, or access unauthorized cross-domain interfaces via XHR/Fetch.
• Lossless Performance: The security detection logic has undergone deep assembly optimization and runs in independent threads or idle frames; its impact on main thread rendering performance is negligible, ensuring smoothness even under high-frequency data refreshes.

Circuit-Breaker Mechanism

We have adopted a strict "anti-tamper circuit-breaker" mechanism, but we promise that this mechanism is deterministic and restrained.

• ⚠️ Non-Random Triggering: The system will absolutely not randomly crash or create "time bombs". Denial of service (circuit-breaking) is only triggered when explicit attack behaviors are detected, such as removing copyright DOM elements, modifying project license titles, or when a development license expires.
• ✅ Normal Fault Tolerance: For non-malicious configuration errors, such as entering the wrong Key, the system prioritizes downgrading to "Free/Trial" mode and issues a console warning. This ensures the availability of the business system as much as possible without affecting normal development (development mode only).

Security Response Center

If you discover a potential security vulnerability in TechUI code or have doubts about certain runtime behaviors, please contact our security team directly at ayin86cn@outlook.com.