Transparency
What Our Desktop Tools Send and Do Not Send
We build forensic tools. We understand chain of custody and data privacy better than most. Here is exactly what happens when our apps communicate with our servers.
When Do the Apps Contact Our Servers?
Sherlock desktop tools make network calls in exactly two situations:
- License activation (one time) when you paste a Pro license key
- Update check (manual button or opt-in weekly) when you click "Check for updates"
Free users who never check for updates generate zero network traffic to our servers. The tools work entirely offline.
What the Apps Send
| Data | Sent? | Why |
|---|---|---|
| SHA-256 of your license token | Yes | Server looks up your license. The token cannot be reconstructed from the hash. |
| SHA-256 of machine fingerprint | Yes | Opaque per-machine ID for seat counting. Cannot be reversed to identify specific hardware. |
| Product ID and tool version | Yes | Public information. Needed for update checks and product validation. |
| The license token itself | No | Server already has the hash. Token never leaves your machine after activation. |
| Machine name or hostname | No | Not collected. Machine fingerprint is a one-way hash. |
| Windows username | No | Not collected. |
| File or email content | No | Your PST/OST files, emails and attachments never leave your machine. |
| Email addresses from analyzed files | No | Analysis is entirely local. No telemetry on analyzed content. |
| IP address | Logged | Visible to the server as part of any standard connection. Not sent by the app. Logged for fraud prevention only. |
Machine Fingerprint Details
The machine fingerprint is computed as SHA-256(MachineGuid + ":" + VolumeSerial), where MachineGuid is a Windows registry value and VolumeSerial is the system drive serial number. This produces a stable 64-character hex string that:
- Uniquely identifies a machine for seat counting
- Cannot be reversed to determine hardware specifications
- Does not contain your name, organization or location
- Changes if you reinstall Windows (contact support to release the old seat)
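The table and fingerprint formula above can be checked against a request body captured on your own machine. The following is an added example, not Sherlock's code: the JSON body, the field names (token_hash, machine_hash, product_id, version), the UTF-8 encoding and the sample value formats are all assumptions made for illustration.

```python
import hashlib
import json

def sha256_hex(text: str) -> str:
    # UTF-8 is an assumption; the page does not state the byte encoding.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def machine_fingerprint(machine_guid: str, volume_serial: str) -> str:
    # SHA-256(MachineGuid + ":" + VolumeSerial), as described on the page.
    return sha256_hex(machine_guid + ":" + volume_serial)

def audit_request(body: bytes, local: dict) -> list:
    """Return findings for one captured request body (empty list = clean)."""
    findings = []
    text = body.decode("utf-8", errors="replace").lower()
    # 1. No raw local identifier may appear anywhere in the payload.
    for name in ("license_token", "hostname", "username", "machine_guid", "volume_serial"):
        if local[name].lower() in text:
            findings.append(f"raw {name} present in payload")
    # 2. Hashed fields must match what we compute locally (hypothetical field names).
    fields = json.loads(body)
    expected = {
        "token_hash": sha256_hex(local["license_token"]),
        "machine_hash": machine_fingerprint(local["machine_guid"], local["volume_serial"]),
    }
    for key, value in expected.items():
        if fields.get(key) != value:
            findings.append(f"{key} does not match locally computed SHA-256")
    # 3. Anything beyond the documented fields is unexpected.
    allowed = set(expected) | {"product_id", "version"}
    for key in sorted(set(fields) - allowed):
        findings.append(f"undocumented field: {key}")
    return findings

# Constructed sample values, not real identifiers.
LOCAL = {
    "license_token": "SAMPLE-TOKEN-0000-CONSTRUCTED", "hostname": "LAB-WS-01",
    "username": "examiner", "machine_guid": "00000000-1111-2222-3333-444444444444",
    "volume_serial": "1A2B-3C4D",
}
GOOD = json.dumps({
    "token_hash": sha256_hex(LOCAL["license_token"]),
    "machine_hash": machine_fingerprint(LOCAL["machine_guid"], LOCAL["volume_serial"]),
    "product_id": "example-product", "version": "1.0.0",
}).encode()
BAD = json.dumps({**json.loads(GOOD), "host": "LAB-WS-01"}).encode()  # leaks hostname

if __name__ == "__main__":
    print(audit_request(GOOD, LOCAL), audit_request(BAD, LOCAL))
```

Short hostnames or usernames can match unrelated substrings, so treat a "raw ... present" finding as a prompt to inspect the payload by hand.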
After Activation
Once activated, the license verifies entirely offline using the Ed25519 public key embedded in the application binary. No server contact is required for day-to-day use. The only subsequent network call is the optional "Check for updates", which combines a version check with a license revocation check in a single request.
Data Retention
- License records: retained for the lifetime of the license
- Activation records: retained for support and fraud prevention
- Server logs (IP, user agent): retained for 90 days
- No content from analyzed files is ever stored on our servers
Questions
Contact support@sherlockforensics.com or call 604.229.1994.