fazit.
Architecture

Security by construction.

Every guarantee is enforced in code and can be audited in the open source repository.

The five invariants

01
Audio exists only in RAM

The AudioRingBuffer type has no write-to-disk method. By design. This invariant is load-bearing.

02
Destruction is total and unconditional

destroyAudio() is called on every code path — success, error, early exit, crash recovery.

03
No network during operation

Only localhost (Ollama) and the initial one-time public model download. No Fazit servers exist.

04
No biometrics or voiceprints

We deliberately do not implement speaker recognition. No BIPA surface, no training data.

05
Output is text only

One Markdown file written to a location you control. Frontmatter always declares audio_retained: false.

Verifiable data flow

Four stages. One of them never exists on disk.

Mic + System AudioDual streamsRAM BufferNO PERSISTENCEDestroyed on every exitOn-Device AISTT + LLMYour Vault.md · text only

This diagram is implemented in the shipped code. Every arrow is enforced.

Compliance by design

Fazit was built with German and EU regulatory reality in mind from day one.

  • §201 StGB (Germany) — RAM-only pipelines that never write audio generally do not meet the statutory definition of a “recording on a sound carrier.”
  • GDPR / DSGVO — no cross-border transfers during normal operation. All processing is local.
  • Works council & DPO friendly — the architecture and our shipped collateral make review straightforward.
  • Auditability — the entire claim is open source. Anyone can verify the invariants.
View full legal & compliance documentation →
Questions from security teams? hello@getfazit.com