Security
How Speakable protects your data and code
Your code stays on your machine
The Speakable CLI runs entirely locally. Your HTML, source code, and analysis results never leave your machine or CI/CD environment. There is no telemetry, no cloud processing, and no data transmission.
Architecture
CLI Tool
Runs locally via Node.js. Parses HTML with jsdom, builds accessibility trees, and renders output — all in-process with zero network calls.
Web Analyzer
Runs entirely in the browser. HTML you paste is processed client-side using the browser's native DOM parser. Nothing is sent to our servers.
Authentication
Handled by Clerk with industry-standard OAuth 2.0, session management, and optional multi-factor authentication.
Payments
Processed by Stripe. We never handle or store credit card numbers. All payment data is encrypted in transit and at rest by Stripe.
Dependencies
The CLI has a minimal dependency footprint: jsdom for HTML parsing, Commander for CLI argument handling, and picocolors for terminal output. We regularly audit dependencies for known vulnerabilities.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly by emailing xreticular@gmail.com with the subject line "Security Report". We will acknowledge receipt within 48 hours and work to address the issue promptly.
Open Source
The Speakable CLI is distributed under the MIT License. You can inspect the source code, audit the dependency tree, and verify the security posture yourself.