Open Source
StayLogged is not fully open source. The browser extension client is open source and auditable, while the hosted service remains closed. That split is intentional because the client is the part users need to verify for privacy, encryption, and local key handling.
Why Open Source Matters Here
Browser session synchronization is security-sensitive. Client-side source availability makes the product easier to inspect, review, and challenge. That is materially better than asking users to trust opaque client code with local encryption and active session tokens.
What Is Open Source
The browser extension client is the main open source surface. That is where local encryption, key handling, cookie selection, and browser-side sync behavior live. Making that part auditable gives users and reviewers direct visibility into the privacy properties that matter most.
Why the Server Is Not Open Source
The hosted service remains closed for practical reasons. It supports commercial sustainability, reduces low-effort private-host cloning and abuse, and protects operational routing, anti-abuse controls, and service-side enforcement logic that would otherwise be easier to mirror or attack.
That does not mean the server should be trusted with plaintext cookie payloads. The design goal is the opposite: cookie payloads are encrypted before upload, and decryption keys stay on the user's devices rather than on the backend.
Transparency Goals
- Make the security model understandable to users and reviewers.
- Allow independent inspection of the client-side encryption and sync logic.
- Reduce the gap between security claims and verifiable behavior.
- Support community review and long-term maintainability.
Licensing
Open source license terms apply only to the code that is actually released under an open source license. They do not automatically extend to the hosted service or to all of the operational infrastructure behind StayLogged.
What Users Should Be Able to Verify
- How session data is encrypted before synchronization.
- Whether decryption keys remain local to user devices.
- What metadata the service stores and what it does not.
- How device authorization and revocation are enforced.
- How sync conflicts, expiration, and storage are handled.
Security and Open Source
Open source does not automatically make software secure. What it does is make the privacy-sensitive client behavior reviewable. In a product like StayLogged, that is the part users need to verify most directly.
Community Expectations
A credible open source security product should make it easy to review code, understand release history, and report issues responsibly. Over time, the value comes from clear documentation, auditable changes, and an architecture that remains understandable under scrutiny.