Imperial Eminence Cyberguard Corporation · The Ivory Index
Security Whitepaper
Tier IV — Enterprise Governance · Ref: IECC-T4-005 · Version 1.0 · Effective 14 June 2026
The Ivory Index is built on a local-first architecture. All User data, AI inference, and application logic run on the User's device. This architectural decision eliminates the majority of cloud-based data security risks by design, not by policy.
| Layer | Technology | Version | Role |
|---|---|---|---|
| Desktop Runtime | Electron | 28+ | Cross-platform desktop application shell |
| UI Framework | React | 18+ | User interface rendering |
| Build Tool | Vite | 5+ | Frontend build and hot-reload |
| AI Runtime | Ollama | Current | Local LLM inference engine |
| Default AI Model | llama3.2 | Current | Primary language model (up to 15 models supported) |
| Local Server | Node.js | Current LTS | Inter-process communication (port 11435, localhost only) |
| AI API Endpoint | Ollama API | — | Model inference (port 11434, localhost only) |
User Input
│
▼
Ivory Index UI (React / Electron)
│
├─► Local Node.js Server (localhost:11435)
│ │
│ └─► Ollama AI Runtime (localhost:11434)
│ │
│ └─► Local Model (llama3.2 or selected model)
│ │
│ └─► Response returned locally
│
└─► Local Profile Storage (~/.theivorry/profiles/{id}/)
│
└─► JSON files, essay drafts, evaluation history
(never transmitted to IECC servers)
| Request Type | Destination | Data Transmitted | User Control |
|---|---|---|---|
| Model download | Ollama model registry | Model name only | User-initiated |
| Institution data update | IECC CDN (if configured) | Request metadata only | User-initiated |
| Software update check | IECC update server | Software version, OS type | Configurable |
No User profile data, essays, AI conversations, or evaluation outputs are transmitted to IECC or third parties in normal operation.
| Threat | Mitigation | Residual Risk |
|---|---|---|
| IECC server compromise leaking User data | No User data on IECC servers | None (architectural) |
| Man-in-the-middle on AI inference | All inference on localhost; no network path | None (architectural) |
| Malicious model weights | Models sourced from Ollama official registry; User controls model selection | Low |
| Local device compromise | OS-level security; IECC recommends full-disk encryption | Medium (User's responsibility) |
| Supply chain attack on dependencies | Dependency scanning on each release; lock-file integrity checks | Low–Medium |
| Electron security vulnerabilities | Context isolation enabled; node integration in renderer disabled; CSP configured | Low |
The Node.js server (port 11435) and Ollama API (port 11434) bind to localhost (127.0.0.1) only. They are not exposed to the local network or internet. Firewall rules are not required but are recommended as defence-in-depth.
~/.theivorry/ directoryThe Ivory Index incorporates open-source components. IECC maintains a Software Bill of Materials (SBOM) identifying all third-party dependencies and their licences. Key licence categories used:
| Licence | Examples | Obligations |
|---|---|---|
| MIT | React, Vite, most npm dependencies | Attribution required; permissive use |
| Apache 2.0 | Electron (in part) | Attribution; patent grant |
| Llama Community Licence | Meta's llama3.2 model weights | Non-commercial restrictions; attribution |
IECC's commercial use of Meta's Llama models is subject to Meta's Llama Community Licence. Enterprise Customers intending to deploy in commercial contexts should review applicable model licences.
IECC operates a responsible disclosure programme. Security researchers who discover vulnerabilities in The Ivory Index Software or IECC systems may report them to legal@imperialecc.com. IECC commits to: (i) acknowledging reports within 24 hours; (ii) providing a substantive response within 14 days; (iii) crediting responsible reporters (with consent); and (iv) not pursuing legal action against good-faith reporters acting within the scope of this programme.
