Explore feature guides, reports and exports, and our privacy-first security stance.
TNO (Trust No One)
A plain-language explanation of what “Trust No One” means inside Titanium Invoice™ — and why it matters for your business records.
Security Explainer
What TNO means
TNO is a design goal: Titanium Invoice™ is built to minimize who must be trusted with your business information.
In practice, that means your invoices, clients, and records are stored locally in the app’s sandboxed storage and protected by Apple platform security. Titanium Invoice™ does not run a server that receives your invoice/client document contents.
Key idea: Titanium Invoice™ is designed so your document contents are not sent to a Titanium Invoice™-controlled backend service.
Why it matters
Less exposure: fewer places your document contents can end up.
Ownership: your invoices and client records stay with you — you choose if/when to share or export.
Clarity: security is not just a statement; it’s a set of product choices (local-first, explicit exports, and optional sync behavior).
How it shows up in Titanium Invoice™
Local-first protection: data is stored locally and protected by Apple platform security (see Encrypted by Default).
Sync (when enabled): if you enable iCloud Sync, Titanium Invoice™ encrypts sensitive data before it leaves your device (see Pre-egress Encryption).
Exports: exporting creates a copy outside the app’s protected storage, so Titanium Invoice™ treats it as a deliberate action and asks you to confirm first (see Privacy-Aware Exports).
