Security
Directory Guard was designed to review Active Directory exports safely. We avoid live AD connectivity and keep the deployment surface small so you can run it on your own hardened infrastructure.
Offline-first: operates entirely on exported data; no live domain connectivity required.
Data residency: keep exports and insights inside your environment for review.
Small footprint: a single runtime behind your firewall keeps the attack surface minimal.
Encryption posture: plan for encryption at rest and strict access controls as data storage is added.
Encryption at rest and database integrations will be added alongside a MariaDB configuration. Until then, keep uploads in trusted storage and restrict access to the host.