Control
Secure Enclave Integration
Implementation
Hardware-backed P-256 keys, non-extractable
Status
Active
Security Compliance
Lens applies defense-in-depth controls to protect capture integrity, privacy, and operations. Start with the executive summary, then review the detailed control mappings.
GDPR CompliantCCPA CompliantOWASP Top 10 Mitigated
Executive summary
Lens combines hardware-backed cryptography, strict data handling, and operational safeguards. The sections below map each control domain for security review.
- Data protection: GDPR and CCPA aligned
- Crypto baseline: Secure Enclave, P-256, TLS 1.3
- Risk model: OWASP mobile threats mitigated
Compliance Basis
Lens bases its security program on C2PA Security Considerations 2.0 and C2PA Harms Modelling 2.0. Together, these documents inform our architecture, threat model, and harm mitigation approach.
Primary References:
- C2PA Security Considerations 2.0 — Threat model, security features, and implementation guidance
- C2PA Harms Modelling 2.0 — Human rights considerations, misuse scenarios, and stakeholder guidance
The controls, mitigations, and privacy protections on this page follow guidance from these C2PA specifications.
Compliance Summary
Data Protection
GDPR, CCPA
Cryptographic Security
Secure Enclave, ECDSA P-256, TLS 1.3
Mobile Security
OWASP Mobile Top 10
Privacy
Privacy by Design
Incident Response
ISO 27001-aligned
Security Architecture
Lens follows a defense-in-depth model with multiple layers of protection.
Hardware-backed security via iOS Secure Enclave
Zero-trust architecture for all data access
Privacy by design in all features
Minimal data collection principle
End-to-end encryption for sensitive operations
Security Layers
Device SecurityToggle section
| Control | Implementation | Status |
|---|---|---|
| Secure Enclave Integration | Hardware-backed P-256 keys, non-extractable | Active |
| Keychain Services | iOS Keychain for credential storage | Active |
| App Sandboxing | iOS App Sandbox isolation | Active |
| Code Signing | Apple Developer certificate validation | Active |
| Runtime Protection | ASLR, stack canaries, code signing | Active |
Control
Keychain Services
Implementation
iOS Keychain for credential storage
Status
Active
Control
App Sandboxing
Implementation
iOS App Sandbox isolation
Status
Active
Control
Code Signing
Implementation
Apple Developer certificate validation
Status
Active
Control
Runtime Protection
Implementation
ASLR, stack canaries, code signing
Status
Active
Data ProtectionToggle section
| Control | Implementation | Status |
|---|---|---|
| Encryption at Rest | iOS Data Protection API (Class A) | Active |
| Encryption in Transit | TLS 1.3 for all network communications | Active |
| File System Encryption | iOS File Protection API | Active |
| Key Management | Secure Enclave hardware keys | Active |
| Certificate Pinning | Not implemented | Optional (planned) |
Control
Encryption at Rest
Implementation
iOS Data Protection API (Class A)
Status
Active
Control
Encryption in Transit
Implementation
TLS 1.3 for all network communications
Status
Active
Control
File System Encryption
Implementation
iOS File Protection API
Status
Active
Control
Key Management
Implementation
Secure Enclave hardware keys
Status
Active
Control
Certificate Pinning
Implementation
Not implemented
Status
Optional (planned)
Network SecurityToggle section
| Control | Implementation | Status |
|---|---|---|
| TLS Configuration | TLS 1.3 minimum, perfect forward secrecy | Active |
| Certificate Validation | Full chain validation with OCSP | Active |
| Network Isolation | No direct internet access required | Active |
| Offline-First | Core functionality works offline | Active |
| Rate Limiting | Client-side (feedback); server-side depends on third-party APIs | Client-side only |
Control
TLS Configuration
Implementation
TLS 1.3 minimum, perfect forward secrecy
Status
Active
Control
Certificate Validation
Implementation
Full chain validation with OCSP
Status
Active
Control
Network Isolation
Implementation
No direct internet access required
Status
Active
Control
Offline-First
Implementation
Core functionality works offline
Status
Active
Control
Rate Limiting
Implementation
Client-side (feedback); server-side depends on third-party APIs
Status
Client-side only
Application SecurityToggle section
| Control | Implementation | Status |
|---|---|---|
| Input Validation | All user inputs sanitized and validated | Active |
| Output Encoding | XSS prevention via output encoding & content sanitization | Active |
| SQL Injection Prevention | Parameterized queries (if applicable) | N/A |
| Memory Safety | Swift memory safety, ARC | Active |
| Dependency Management | Regular security updates, vulnerability scanning | Active |
Control
Input Validation
Implementation
All user inputs sanitized and validated
Status
Active
Control
Output Encoding
Implementation
XSS prevention via output encoding & content sanitization
Status
Active
Control
SQL Injection Prevention
Implementation
Parameterized queries (if applicable)
Status
N/A
Control
Memory Safety
Implementation
Swift memory safety, ARC
Status
Active
Control
Dependency Management
Implementation
Regular security updates, vulnerability scanning
Status
Active
Data Protection & Privacy
Lens applies privacy by design throughout the app.
Privacy Principles:
- Data Minimization: Only collects data necessary for core functionality
- Purpose Limitation: Data used only for stated purposes
- Storage Limitation: Data retained only as long as necessary
- User Control: Users control what data is captured and stored
- Transparency: Clear privacy policy and data handling disclosures
GDPR & CCPA Compliance
User RightsToggle section
| Right | Implementation | Status |
|---|---|---|
| Right to Access | Export functionality for user data | Implemented |
| Right to Deletion | Delete all app data via settings | Implemented |
| Right to Portability | Export media files with metadata | Implemented |
| Right to Rectification | Edit metadata before export | Implemented |
| Right to Object | No in-app usage analytics or automatic diagnostics upload; optional support attachments only when you send them | Implemented |
| Right to Restriction | Pause data processing | Implemented |
Right
Right to Access
Implementation
Export functionality for user data
Status
Implemented
Right
Right to Deletion
Implementation
Delete all app data via settings
Status
Implemented
Right
Right to Portability
Implementation
Export media files with metadata
Status
Implemented
Right
Right to Rectification
Implementation
Edit metadata before export
Status
Implemented
Right
Right to Object
Implementation
No in-app usage analytics or automatic diagnostics upload; optional support attachments only when you send them
Status
Implemented
Right
Right to Restriction
Implementation
Pause data processing
Status
Implemented
Cryptographic Security
Key ManagementToggle section
Keys are generated in hardware in the Secure Enclave; password-based key derivation is not used.
| Aspect | Implementation | Standard |
|---|---|---|
| Key Generation | Secure Enclave hardware RNG | Platform (Apple); NIST SP 800-90A aligned per vendor documentation |
| Key Storage | Secure Enclave, non-extractable | Apple Secure Enclave (see Apple platform security) |
| Key Rotation | Per-device certificates, revocation support | Industry best practice |
| Key Backup | Device-only; no key export or iCloud backup | N/A |
Aspect
Key Generation
Implementation
Secure Enclave hardware RNG
Standard
Platform (Apple); NIST SP 800-90A aligned per vendor documentation
Aspect
Key Storage
Implementation
Secure Enclave, non-extractable
Standard
Apple Secure Enclave (see Apple platform security)
Aspect
Key Rotation
Implementation
Per-device certificates, revocation support
Standard
Industry best practice
Aspect
Key Backup
Implementation
Device-only; no key export or iCloud backup
Standard
N/A
Encryption StandardsToggle section
| Use Case | Algorithm | Key Size | Status |
|---|---|---|---|
| C2PA Signing | ECDSA P-256 | 256-bit | Active |
| TLS | ECDHE + AES-256-GCM | 256-bit | Active |
| File Protection | AES-256 | 256-bit | Active |
Use Case
C2PA Signing
Algorithm
ECDSA P-256
Key Size
256-bit
Status
Active
Use Case
TLS
Algorithm
ECDHE + AES-256-GCM
Key Size
256-bit
Status
Active
Use Case
File Protection
Algorithm
AES-256
Key Size
256-bit
Status
Active
Vulnerability Management
Security TestingToggle section
| Test Type | Frequency | Status |
|---|---|---|
| Static Analysis | Pre-commit, CI/CD | Active |
| Dependency Scanning | Weekly automated scans | Active |
| Penetration Testing | Annual third-party audits | Planned |
| Code Review | All changes reviewed | Active |
| Security Audits | Quarterly internal reviews | Active |
Test Type
Static Analysis
Frequency
Pre-commit, CI/CD
Status
Active
Test Type
Dependency Scanning
Frequency
Weekly automated scans
Status
Active
Test Type
Penetration Testing
Frequency
Annual third-party audits
Status
Planned
Test Type
Code Review
Frequency
All changes reviewed
Status
Active
Test Type
Security Audits
Frequency
Quarterly internal reviews
Status
Active
OWASP Mobile Top 10 CoverageToggle section
| Threat | Mitigation | Status |
|---|---|---|
| M1: Improper Platform Usage | iOS HIG compliance, secure APIs | Mitigated |
| M2: Insecure Data Storage | iOS Data Protection, encryption | Mitigated |
| M3: Insecure Communication | TLS 1.3, certificate pinning | Mitigated |
| M4: Insecure Authentication | Secure Enclave, biometric auth | Mitigated |
| M5: Insufficient Cryptography | Industry-standard algorithms | Mitigated |
| M6: Insecure Authorization | App sandbox, permission model | Mitigated |
| M7: Client Code Quality | Swift memory safety, code review | Mitigated |
| M8: Code Tampering | Code signing, runtime checks | Mitigated |
| M9: Reverse Engineering | Code obfuscation (optional) | Partial |
| M10: Extraneous Functionality | Minimal dependencies, code audit | Mitigated |
Threat
M1: Improper Platform Usage
Mitigation
iOS HIG compliance, secure APIs
Status
Mitigated
Threat
M2: Insecure Data Storage
Mitigation
iOS Data Protection, encryption
Status
Mitigated
Threat
M3: Insecure Communication
Mitigation
TLS 1.3, certificate pinning
Status
Mitigated
Threat
M4: Insecure Authentication
Mitigation
Secure Enclave, biometric auth
Status
Mitigated
Threat
M5: Insufficient Cryptography
Mitigation
Industry-standard algorithms
Status
Mitigated
Threat
M6: Insecure Authorization
Mitigation
App sandbox, permission model
Status
Mitigated
Threat
M7: Client Code Quality
Mitigation
Swift memory safety, code review
Status
Mitigated
Threat
M8: Code Tampering
Mitigation
Code signing, runtime checks
Status
Mitigated
Threat
M9: Reverse Engineering
Mitigation
Code obfuscation (optional)
Status
Partial
Threat
M10: Extraneous Functionality
Mitigation
Minimal dependencies, code audit
Status
Mitigated
Vulnerability Disclosure:
- Responsible Disclosure: lens@field-notes.dev
- Response Time: 48 hours acknowledgment, 90 days resolution target
- CVE Assignment: For critical vulnerabilities
- Public Disclosure: After patch deployment and user notification
Dependency vulnerability management
We commit to remediating Critical and High CVEs in our dependencies within 90 days. Our SCA, SBOM, policy, and runbook are documented in the Product Security Architecture and dependency vulnerability management runbook. We use GitHub Dependency Graph and Dependabot for visibility and alerts, and Trivy in CI for scanning and CycloneDX SBOM generation. For dependency CVE reports or questions: lens@field-notes.dev.
Compliance Certifications
Certification StatusToggle section
| Certification | Status | Notes |
|---|---|---|
| ISO 27001 | Not Certified | Aligned with controls |
| SOC 2 Type II | Not Certified | Planned for future |
| GDPR | Compliant | Self-assessment |
| CCPA | Compliant | Self-assessment |
| HIPAA | Not Applicable | Not a healthcare app |
Certification
ISO 27001
Status
Not Certified
Notes
Aligned with controls
Certification
SOC 2 Type II
Status
Not Certified
Notes
Planned for future
Certification
GDPR
Status
Compliant
Notes
Self-assessment
Certification
CCPA
Status
Compliant
Notes
Self-assessment
Certification
HIPAA
Status
Not Applicable
Notes
Not a healthcare app