Security & Verification

Trust Center

Security, verification, and operational boundaries for locally deployed software.

Security Overview

Manna Corp V2 Engine operates as locally deployed software. Security boundaries are established at deployment time by the operating organization.

Core Security Principles

  • No hosted portal: No accounts, no central authentication, no PHI aggregation
  • Local execution: Rules engine runs in your environment
  • Cryptographic verification: All releases are signed; verification is mandatory
  • Immutable audit trail: Execution artifacts are tamper-evident
  • Zero operational telemetry: No data leaves your deployment boundary by default

Threat Model

Last updated: February 2026

In-Scope Threats

  • Supply chain compromise (release integrity)
  • Runtime tampering (execution environment)
  • Audit trail manipulation (post-execution)
  • Replay attacks (stale rule sets)
  • Unauthorized rule modification

Out-of-Scope (Licensee Responsibility)

  • Network security and boundary enforcement
  • Host system hardening
  • Access control to deployment environment
  • PHI encryption at rest and in transit
  • Physical security of deployment infrastructure

Controls

ThreatControlResponsibility
Compromised release artifactRSA-4096 signature verificationManna Corp
Tampered audit recordsCryptographic signing of execution artifactsManna Corp (engine) + Licensee (storage)
Unauthorized access to engineDeployment environment access controlsLicensee
Man-in-the-middle during downloadHTTPS + checksum verificationShared

Data Flow & Boundaries

Data Processed by the Engine

The V2 Engine processes clinical and administrative data provided by the operating organization. This may include PHI.

All processing occurs within the licensee's deployment boundary.

Data Sent to Manna Corp

Default: None

The V2 Engine does not transmit operational data, execution results, or logs to Manna Corp unless expressly configured by the licensee.

Optional Telemetry (Opt-In Only)

If explicitly enabled by the licensee, the engine may transmit:

  • Aggregated usage metrics (execution count, rule set version, error rates)
  • Diagnostic data for support purposes

Opt-in telemetry never includes:

  • PHI or patient-identifiable information
  • Clinical data or inputs
  • Execution results or outputs
  • Organization-specific business logic

Telemetry configuration is explicit, auditable, and revocable. See Privacy Policy for implementation details.

Data Flow Diagram

┌─────────────────────────────────────────┐
│  Licensee Deployment Environment        │
│                                         │
│  ┌──────────────┐    ┌──────────────┐  │
│  │  Input Data  │───▶│  V2 Engine   │  │
│  │  (PHI OK)    │    │              │  │
│  └──────────────┘    └──────┬───────┘  │
│                             │          │
│                             ▼          │
│                      ┌──────────────┐  │
│                      │ Audit Trail  │  │
│                      │ (Immutable)  │  │
│                      └──────────────┘  │
│                                         │
└─────────────────────────────────────────┘
         │
         │ (Optional, Opt-In Only)
         ▼
┌─────────────────────────────────────────┐
│  Manna Corp                             │
│  Aggregated metrics only (no PHI)       │
└─────────────────────────────────────────┘

Cryptographic Integrity & Verification

Release Gating & Access Control

V2 Engine binaries are distributed exclusively to authorized licensees. Release artifacts are never publicly available. Access is controlled through the following model:

  1. Stripe Payment: License acquisition triggers payment processing
  2. License Key Issuance: Successful payment generates unique license key
  3. Activation & GitHub Access: Activation command grants access to private GitHub Release repository
  4. Artifact Retrieval & Verification: Licensee downloads and verifies releases locally

This gating model ensures traceability: every deployment can be traced to a valid license holder. For details on the complete authorization and verification flow, see the Download page authorization flow.

Release Signing

All V2 Engine releases are signed using RSA-4096 with SHA-256.

Public Key Fingerprint: Available on the Download page signing key section

Audit Trail Signing

Each execution produces a signed audit artifact containing:

  • Input data hash (SHA-256)
  • Rule set version and hash
  • Engine version
  • Execution timestamp
  • Environment fingerprint
  • Output hash

The artifact is serialized in canonical JSON format and signed with the deployment-specific signing key.

See Audit Artifact Specification for details.

Deployment Hardening Guide

Minimum Security Requirements

  • Dedicated execution environment (container, VM, or isolated host)
  • Network segmentation (restrict inbound/outbound traffic)
  • Read-only engine binaries (immutable deployment)
  • Encrypted storage for audit artifacts
  • Least-privilege service account

Recommended Configuration

  • Air-gapped deployment (no internet access for engine)
  • Hardware security module (HSM) for signing keys
  • Separate audit log storage with append-only access
  • Regular integrity verification of engine binaries

Vulnerability Disclosure Policy

Reporting Security Issues

Manna Corp takes security issues seriously. If you discover a vulnerability in the V2 Engine or related infrastructure, please report it responsibly.

Security Contact: security@mannacorp.com

What to Include

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested remediation (if applicable)

Our Commitment

  • Acknowledge receipt within 2 business days
  • Provide status updates every 7 days
  • Issue patches within 30 days for critical vulnerabilities
  • Credit researchers (if desired) in security advisories

Out of Scope

  • Third-party infrastructure (hosting, CDN)
  • Deployment environment vulnerabilities (licensee responsibility)
  • Social engineering attacks

SBOM Policy

Manna Corp provides a Software Bill of Materials (SBOM) for each V2 Engine release.

SBOMs are available in CycloneDX and SPDX formats and include:

  • Direct and transitive dependencies
  • Component versions and licenses
  • Known vulnerabilities (CVEs)

SBOMs are available on the Download page with each release.

Third-Party Dependencies

The V2 Engine relies on carefully vetted third-party components. A complete dependency list is provided with each release in the SBOM.

All dependencies are:

  • Reviewed for security vulnerabilities
  • Pinned to specific versions
  • Licensed under permissive open-source licenses
  • Updated regularly with security patches

Change Log

Release notes and version history are available on the Download page.