Security software developer - Marian George Grosu, AlfaNest Labs

Founder · AlfaNest Labs · Saint-Fulgent, France

Security software developer I build secure products that respect your data.

Security software developer and solo founder based in France. Therefore, I focus on encrypted vaults, API security tools, AI agent guardrails, and local-first desktop apps. In addition, everything is designed so the server never sees your plaintext.

Marian George Grosu — security software developer and founder of AlfaNest Labs
Marian George Grosu
Founder & developer — AlfaNest Labs
Saint-Fulgent, 85250 Vendée, France
Security Full-stack Product builder
Selected projects

Security software developer — portfolio highlights

Below is the AlfaNest Labs product line: seven live systems, each with a documented threat model. Scroll the list — the preview on the right follows each project.

Security software developer — vault and desktop products

Web · Android · E2E encrypted
SafeKey — Encrypted Vault

PIN + biometric vault for passwords, seed phrases, documents, and files. Because the design is local-first, the core vault never requires a network connection. Moreover, zero-knowledge architecture means the server stores ciphertext only.

Role: sole architect, full-stack developer, UX
Next.jsReact Native AES-256-GCMArgon2 Shamir SSSFastify
2platforms
0plaintext on server
CRAcompliant
Open SafeKey →
Desktop · Windows · Local-first
EI-BNC Compta

Bookkeeping app for French BNC independents. As a result, revenue, expenses, quotes, invoices, URSSAF estimates, and bank reconciliation stay entirely on your machine. In conclusion: one-time payment, no subscription, no cloud ledger.

Role: sole developer, product owner, designer
ElectronHTML/JS localStorageMistral OCR Stripe
100%local data
payment, no sub
View product page →
SaaS · EU invoicing
Facta-Z

Send invoices, track payments, and stay compliant. Facta-Z is the unified workspace for freelancers and small companies to manage customer records, draft quotes/invoices with live PDF previews, collect online payments via Stripe Connect, and handle electronic invoicing. Designed with compliance in mind, featuring signed PDFs and 10-year encrypted archiving.

Role: sole architect, full-stack developer, product owner
Next.jsFastify PostgreSQLPrisma Stripe ConnectTypeScript
StripeConnect payments
10 yrssigned archiving
Livefacta-z.com

Security software developer — API scanning, agents, and machine identity

SaaS · API security
API Risk Monitor

Paste an OpenAPI 3.x spec or fetch a public HTTPS URL. Subsequently, you get a risk score and findings focused on auth posture and sensitive route exposure — not a full pentest, but actionable signal in seconds.

Role: sole developer, product & infra
Next.jsFastify OpenAPI 3.xTypeScript PostgreSQL
3input modes
<2sscan time
Open live scanner →
SaaS · Agentic AI
AI Agent Security Layer

Decision API that intercepts tool calls before side effects run. For instance, you can enforce allow, deny, or human-approval policies per action type. Furthermore, an append-only audit trail supports governance for teams running LLM agents in production.

Role: architect, sole developer
Next.jsFastify Policy engineAudit log TypeScript
3decision states
HITLhuman-in-loop
Open product overview →
SaaS · Vault encryption
Machine Identity

Inventory non-human identities: service accounts, API keys, tokens, and certificates. To clarify, client-side AES-256-GCM means the server stores ciphertext. Additionally, HMAC chain integrity and Shamir 3-of-5 recovery ship on Pro.

Role: architect, sole developer
AES-256-GCMHMAC chain Shamir 3/5.sfk export TypeScript
0plaintext stored
3/5Shamir threshold
Open product page →

Security software developer — experimental marketplace

Web · Marketplace · Escrow
WASTE.LAND

Marketplace for abandoned repos and dead side projects. First, sellers list inventory; then buyers inspect a preview and commit Scraps through Vault escrow. Finally, automated S.P.E.C.I.A.L. scoring by The Overseer keeps listings comparable.

Role: sole architect, full-stack developer
Next.jsFastify PostgreSQLEscrow logic GitHub OAuth
Scrapsin-platform credits
SPECIALautomated audit
Open WASTE.LAND →
About

Security software developer — privacy-first work at AlfaNest Labs

I'm Marian, a security software developer and founder based in Vendée, France. Firstly, I started AlfaNest Labs as a micro-entreprise to build tools where encryption happens on your device, not on a server you cannot inspect.

How I approach every product

My approach is straightforward: understand the threat model first, then design the architecture, then build. However, if the answer to “what happens when the server is compromised?” is that user data becomes exposed, I restart the design. Consequently, every release pushes risk left.

Principles I don't compromise on

Beyond security, I care about practical UX and honest pricing. Similarly, I avoid dark patterns and subscription traps on tools that do not need them. Above all, I do not claim certifications I have not earned.

Work with me Request a quote
Lab notes

Security software developer — lab notes and experiments

Smart systems require strict, verifiable boundaries. At AlfaNest Labs, we build AI, security, and decision infrastructure under a zero-trust model: every input is verified, every agent action is governed, and every execution boundary is locked by design.

Threat modeling as foundation

We prioritize rigorous threat modeling over rapid, unverified code. Before any system is built, we map failure modes, data leakage vectors, and authorization coverage to ensure the system remains resilient even if individual components are compromised.

User sovereignty by design

Our client-side encryption architectures mean we explicitly design systems so the server cannot access your plaintext secrets. By eliminating central points of failure, we protect your operations from both external threats and vendor compromises.

The EU CRA (effective September 2026) is not a certification wall for micro-operators. Instead, it asks for concrete, public artefacts.

What you actually ship

  • A public security policy (security.txt per RFC 9116)
  • A coordinated vulnerability disclosure process
  • A software bill of materials (SBOM) in CycloneDX or SPDX format
  • Security headers and documented encryption choices
  • Incident reporting to the relevant national CSIRT within 24/72h if a vulnerability is actively exploited

At AlfaNest Labs, we build products with this compliance built-in. SafeKey and EI-BNC Compta already publish these public-facing artifacts, while our security tools—Clearance, API Risk Monitor, and Agent Security—help teams scan OpenAPI specifications, intercept agent transactions, and map compliance readiness across MiCA, ISO 27001, and SOC 2.

To be announced...

Expertise

Security software developer — skills and delivery stack

How this security software developer ships

Below is the practical stack behind AlfaNest Labs. In short, cryptography, TypeScript, and operator discipline ship together. Likewise, compliance is treated as engineering, not marketing.

🔒
Cryptography
AES-256-GCM, Argon2, HKDF, HMAC, Shamir Secret Sharing, zero-knowledge design patterns
🌐
Web full-stack
Next.js, React, TypeScript, Fastify, PostgreSQL, REST APIs, server-side rendering, edge deploy
📱
Mobile (Android)
React Native, Expo, EAS Build & Submit, Google Play (internal + production tracks), biometrics
🖥️
Desktop
Electron, electron-builder, local-first data, offline-first UX, NSIS installer
⚙️
DevOps & infra
VPS (IONOS, Hostinger), PM2, Nginx, GitHub Actions, SBOM (CycloneDX), certbot, SSH deploy
📋
Compliance
EU CRA readiness, GDPR, security.txt RFC 9116, coordinated vulnerability disclosure, Art. 14
Let's work together

Have a project
in mind?

Work with the same security software developer who built SafeKey and the API tooling above

Whether you need a security product, API tooling, or a web or desktop app, you can reach out directly. After that, I usually reply the same day.

Request a quote View pricing