Skip to content

Privacy Policy

Versión en Español

MIESC - Multi-layer Intelligent Evaluation for Smart Contracts

Last Updated: June 2026


Overview

MIESC is committed to protecting user privacy. This document describes our data handling practices and privacy commitments.

Key Principle: MIESC processes all data locally on your machine. Your code and analysis results never leave your system unless you explicitly choose to share them.


Data Collection

What We DO NOT Collect

Data Type Collected? Notes
Source code No Processed locally only
Analysis results No Stored locally only
Personal information No No user accounts required
Usage telemetry No No analytics by default
IP addresses No No network requests to MIESC servers
Cookies No No web tracking

What We MAY Process Locally

Data Type Purpose Storage
Solidity source files Security analysis Temporary, deleted after analysis
Compilation artifacts Tool execution Temporary cache, user-controlled
Analysis reports User deliverable Local filesystem only
Configuration files User preferences Local filesystem only

Local Processing Architecture

┌─────────────────────────────────────────────────────────────┐
│                    YOUR LOCAL MACHINE                        │
│                                                              │
│  ┌──────────────┐    ┌──────────────┐    ┌──────────────┐  │
│  │ Source Code  │───▶│    MIESC     │───▶│   Reports    │  │
│  │   (Input)    │    │   (Local)    │    │   (Output)   │  │
│  └──────────────┘    └──────────────┘    └──────────────┘  │
│                             │                               │
│                             ▼                               │
│                    ┌──────────────┐                         │
│                    │ Local LLM    │                         │
│                    │  (Ollama)    │                         │
│                    └──────────────┘                         │
│                                                              │
│          ══════════════════════════════════════             │
│          ║  NO DATA LEAVES THIS BOUNDARY  ║                 │
│          ══════════════════════════════════════             │
└─────────────────────────────────────────────────────────────┘

AI/ML Components

Local LLM (Default)

MIESC uses Ollama for AI-assisted analysis by default:

  • Runs entirely on your local machine
  • No API calls to external services
  • No data transmission to cloud providers
  • Models downloaded once, run offline

Optional Cloud AI

If you choose to enable cloud AI features (OpenAI, Anthropic, or DeepSeek):

  • Opt-in only: Requires explicit configuration
  • Your responsibility: You must review the provider's privacy policy
  • Data transmission: Source code snippets may be sent to the API
  • Recommendation: Use local models for sensitive code

Third-Party Tools

MIESC orchestrates third-party security tools. Each tool has its own privacy characteristics:

Tool Network Access Data Sent Externally
Slither None None
Mythril None None
Echidna None None
Foundry Optional (dependencies) Package checksums only
Halmos None None
Certora Yes (if used) Code sent to Certora cloud
SMTChecker None None

Note: Certora's cloud verification service requires sending code to their servers. This is optional and clearly documented when enabled.


Data Retention

Automatic Cleanup

Data Type Retention Cleanup Method
Temporary files Session only Deleted on exit
Compilation cache User-controlled Manual or make clean
Analysis reports Permanent User manages
Logs 7 days default Configurable

User Control

Users have full control over all stored data:

# Clear all temporary data
make clean

# Clear analysis cache
rm -rf .miesc_cache/

# Clear logs
rm -rf logs/

GDPR (EU General Data Protection Regulation)

Requirement MIESC Compliance
Lawful basis Not applicable (no personal data processing)
Data minimization Only processes files explicitly provided
Purpose limitation Security analysis only
Storage limitation User-controlled retention
Right to erasure User deletes local files
Data portability All exports in open formats

CCPA (California Consumer Privacy Act)

Requirement MIESC Compliance
Right to know This policy documents all data handling
Right to delete User controls all local data
Right to opt-out No data sale (no data collection)
Non-discrimination Free tool, no user differentiation

Argentina Data Protection Law (Ley 25.326)

Requirement MIESC Compliance
Purpose specification Security analysis only
Data quality No personal data stored
Security measures Local processing, no transmission
User rights Full user control over data

Security Measures

Data Protection

Measure Implementation
Encryption at rest User filesystem encryption (OS-level)
Encryption in transit N/A (no data transmission)
Access control User filesystem permissions
Audit logging Optional, local only

Vulnerability Handling

  • Security issues: fboiero@frvm.utn.edu.ar
  • Response time: <48 hours
  • Disclosure policy: Coordinated disclosure

Children's Privacy

MIESC is a developer tool intended for professional use. We do not: - Knowingly collect data from children under 13 - Market to children - Provide features designed for minors


International Data Transfers

No international data transfers occur because: - All processing is local - No data sent to MIESC servers - No cloud services required by default

If you enable optional cloud AI features, transfers are governed by the provider's policies.


Changes to This Policy

We will update this policy as needed. Changes will be: - Documented in repository commits - Noted in release notes - Effective immediately upon publication


Contact

Privacy Questions: fboiero@frvm.utn.edu.ar

Project Repository: https://github.com/fboiero/MIESC


Summary

Question Answer
Does MIESC collect my data? No
Does MIESC send data externally? No (by default)
Where is my code processed? Your local machine only
Who can access my analysis results? Only you
Do I need an account? No
Is there telemetry? No

Your code stays on your machine. Always.