Security

Firelink Relay is a signals-only notification layer. Your AI conversations, files, and logic never leave your machine.

Architecture Overview

Firelink Relay acts as a thin signaling layer between your local AI agent and your notification devices. Only predefined status signals (jobDone, needsUserInteraction) are transmitted over the network via the standard Model Context Protocol (MCP).

AI Agent ──── status signal ────▶ Firelink Relay API ──── notification ────▶ Browser / Push / Webhook
▲ local machine                           ▲ hash + metadata only

Your AI agent's logic, data, conversation history, and files remain entirely on your infrastructure. We never see them.

What We Store

Stored
  • ▸ Notification metadata: status type + label you provided
  • ▸ API key hashes (SHA-256) — never the raw key
  • ▸ Webhook destination URLs and HMAC signing secrets
  • ▸ Account identifier from authentication provider
Never Stored
  • ▸ AI conversation content, prompts, or responses
  • ▸ Files, code, or documents from your machine
  • ▸ Credit card numbers (handled entirely by Stripe)
  • ▸ Workflow patterns or usage analytics

Security Controls

API Key Security

  • ▸ Keys hashed with SHA-256 at rest
  • ▸ 32-byte cryptographic entropy
  • ▸ Rate limited: 30 requests/minute
  • ▸ Last-used timestamps for auditing

Database Security

  • ▸ PostgreSQL Row-Level Security (RLS)
  • ▸ User-scoped JWT access tokens
  • ▸ Enforced at database level, not app layer
  • ▸ Service-role restricted functions

Webhook Security

  • ▸ HMAC-SHA256 signed payloads
  • ▸ Timestamp included (replay protection)
  • ▸ HTTPS-only enforcement
  • ▸ SSRF protection with DNS validation
  • ▸ Private IP range blocking

Push Notifications

  • ▸ AES-128-GCM encrypted (RFC 8291)
  • ▸ VAPID signed (RFC 8292)
  • ▸ Endpoint-scoped encryption keys
  • ▸ Invalid subscriptions auto-cleaned

Authentication & Billing

Authentication is handled by Clerk (OAuth via Google, Apple, GitHub). Billing is handled by Stripe. Credit card data never touches Firelink Relay servers. We only store the Stripe customer identifier to link your subscription.

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly via our contact form. Select "Technical Issue" as the subject and include details of the vulnerability. We aim to acknowledge reports within 48 hours.

Our /.well-known/security.txt file also points to this contact channel.

Trust Model

We believe trust is built through architectural transparency, not source code access. Our security posture is based on:

  • Data minimalism by design — we physically cannot access what we never receive
  • Standard protocols — MCP, RFC 8291/8292, HMAC-SHA256 — no proprietary black boxes
  • Database-level enforcement — RLS policies enforce isolation regardless of application bugs
  • Third-party payment handling — Stripe processes all payment data
  • Responsible disclosure — security reports are welcomed and acknowledged
© 2026 Firelink Relay // All Rights Reserved
Support Security Privacy Policy Terms & Conditions