Open-source checklist of 13 rules for building privacy-first apps
SecureX is a set of 13 rules for designing apps that never see or store users' personal data. It is published as an open-source specification anyone can use. It serves as a practical reference for developers who want to bake privacy into their apps from day one.
'Zero-knowledge' design means building an app so that even the server operator cannot read what users store or send. SecureX puts this idea into a concrete list of 13 rules — for example, encrypting data on the user's device before sending anything to a server, or never logging identifiable information.
The project is open-source on GitHub and is meant to work like a checklist: a developer can go through each rule to verify their app meets the standard. It is a useful reference for privacy-sensitive apps (notes, chat, health tools), though it has no direct bearing on AI agent development or reducing LLM costs.
Key points
- 13 concrete rules for designing apps that cannot access users' raw data
- Open-source — free to use and contribute to
- Focused on security and privacy, not AI agent building or cost reduction
- Most useful for apps handling sensitive data: notes, messaging, health records
Quick term guide
- persona
- A specific personality or role that an AI agent is set to play.
- open-source
- Software whose code is shared publicly so others can inspect, use, or change it.
- specification
- A written document that defines exact rules a piece of software must follow.
- reference
- Using a source to find information or confirm facts while working.
- developers
- Developers are people who build software, apps, or websites.
- zero-knowledge
- A design approach where the service provider cannot read the user's data, even if they wanted to.
- logging
- Keeping records of what happened in a system so it can be checked later.
- AI agent
- An AI program that can inspect information and suggest what to do next.