
Security

How CentProof keeps your data on your Mac.

CentProof is signed, notarized, stores its data locally, and runs its AI locally by default. This page lists the exact third parties we use, the four network calls the app can make, and how to verify any of it independently.

Distribution + integrity

The release pipeline is audit-friendly.

CentProof is distributed as a signed, notarized macOS .dmg. Auto-updates carry an additional ed25519 signature. Every release publishes its SHA-256 so you can verify the bytes you downloaded match the bytes we built.

Apple Developer ID signed

Every release is code-signed with Java Mantra Corp's Developer ID before Apple sees it. Gatekeeper verifies the signature on first launch and on every relaunch.

Apple notarized + stapled

Each release is submitted to Apple's notarization service. The notarization ticket is stapled into the .dmg, so verification works even when you're offline.

ed25519-signed updates

Auto-updates are signed with an ed25519 key Java Mantra Corp controls. The CentProof binary embeds the matching public key and refuses any update that doesn't verify.

SHA-256 published on every release

Each GitHub Release page lists the SHA-256 of the .dmg. You can verify the download with shasum -a 256 before mounting.

No bank password, no Plaid, no aggregator

CentProof never asks for, stores, or sees bank login credentials. Statements come in as PDFs you already have.

No telemetry, no analytics, no cookies

centproof.com sets no cookies and runs no analytics. The desktop app makes no telemetry calls. The four network calls listed below are the app's entire network surface.

Verify it yourself

Three commands. Two minutes.

1. SHA-256 of the .dmg

Compare your local download against the value published on the GitHub Release page for that version.

shasum -a 256 ~/Downloads/CentProof_*.dmg

2. Apple Developer ID signature

Confirm the .app was signed by Java Mantra Corp and the signature is valid.

codesign --verify --verbose=2 \
  /Applications/CentProof.app

3. Apple notarization (offline-checkable)

The notarization ticket is stapled into the bundle, so this check needs no network access. spctl reports the app as "accepted" by Gatekeeper and names a notarized Developer ID as the source.

spctl --assess --type execute --verbose \
  /Applications/CentProof.app

Network behavior

The four calls the app can make. That's it.

Everything else — parsing, search, AI, reports, exports — is local.

Normal app use

Zero outbound network requests. Importing PDFs, searching, exporting, and using local AI never call the network.

Update check (every 6 hours, throttled)

GET https://centproof.com/updates/darwin/<currentVersion>. The response is a small JSON manifest plus an ed25519 signature; binaries are downloaded only when an update is actually available.

License activation / re-validation

Only when you paste a license key, and once per app launch after that. Calls api.lemonsqueezy.com directly — never proxied through CentProof.

Support email link

Opens your default mail client to support@centproof.com. CentProof never silently sends mail.

Custom AI endpoint (External mode only, off by default)

If you opt into External AI mode in Preferences, the app calls the URL you typed in. Bundled (default) mode keeps everything on-device.

Payment and download

The two services that touch customer data.

Both are needed for any web-distributed Mac app to function. Bank-statement contents do not flow through either; they stay on your Mac.

LemonSqueezy


Role: Merchant of record for Pro Lifetime and Pro Monthly purchases. Handles checkout, payment, tax, and license-key issuance.

What they see: Whatever you provide at checkout — name, email, billing address, payment method. After purchase, the app calls LemonSqueezy directly to activate and re-validate your license. We never see your card number; LemonSqueezy never sees your statements.

GitHub Releases


Role: Hosts the signed .dmg and update payloads for download.

What they see: Standard download-request metadata. The .dmg itself is signed by Java Mantra Corp's Apple Developer ID and notarized by Apple — those signatures verify the binary regardless of where it was downloaded from.

Data flow

Where every piece of data lives.

On your Mac

  • PDF statements you import — copied into local app data, encrypted at rest with a key in your macOS Keychain.
  • Parsed transactions, accounts, entities, categories, notes — stored in a local SQLite database.
  • AI suggestions and embeddings — computed locally by the bundled model unless you switch to External AI mode.
  • Settings, preferences, license cache — local app data.

Off your Mac (only the items below)

  • Update-check requests to centproof.com (no contents, just version).
  • License activation/re-validation requests to LemonSqueezy.
  • The purchase itself (handled entirely by LemonSqueezy at their checkout page).
  • A receipt email to the address you used at checkout.

Have a security question we didn't answer?

Email support@centproof.com. We respond within one business day and we're happy to walk through code-signing, network behavior, or anything else specific.