Security & Trust

Saltshaker is built with a focus on user safety, transparency, and minimal data handling. This page outlines how the application is distributed and what it does (and does not) do.

Code Signing

Saltshaker installers are code-signed using a DigiCert certificate. This allows your operating system to verify that the application has not been modified since it was built and signed.

Distribution

Official installers are distributed exclusively through saltshaker.app. No third-party download mirrors are used.

Malware & Antivirus Scanning

Current Saltshaker builds show no detections across major antivirus engines at the time of release. Users are welcome to independently verify installers using tools such as VirusTotal. As with any newly released software, results may vary over time as signatures update.

Permissions & Data Handling

Voice connections use WebRTC and are peer-to-peer when possible. In cases where direct connectivity is not available, a TURN relay may be used to facilitate connectivity.
No voice audio is recorded or stored.
Saltshaker is a standard desktop application and does not require kernel drivers to operate.
The application runs in user space and may use normal user-level background processes to support features such as auto-updates.
Plugins are installed only after explicit user approval and run in a restricted sandbox with a limited API surface.

Accounts & Privacy

Account data is used solely to support core functionality such as identity, blocking, and call history. For more details, see the Privacy Policy.

Transparency

Occasionally, platform moderation actions (such as automated spam or safety filters) may affect the visibility of posts discussing Saltshaker. These actions are unrelated to the application’s behavior or security.

Security-related information and updates will be shared through official Saltshaker channels as they become available.