Audits
No external audits yet.
Tracemute has not been audited by a third-party security firm. We are not going to claim otherwise. This page exists so that before we have an audit it says "none yet", and after we have one it links to the report.
What we have today is a unit test suite the CI runs on every commit, a documented threat model, and a reproducible build pipeline. Source is closed but available under NDA to qualified auditors. That is necessary but not sufficient — real external review will come, and we want to find a firm with a track record on privacy tools and browser-WASM threat models specifically.
When we expect one
Year 1 post-launch. Funding TBD. We will not gate the audit on commercial revenue — if necessary it'll come out of pocket. The output will be published in full, including the findings that took the longest to fix.