Twenty-eight questions, answered without spin.

Twelve to eighteen hours of continuous multi-vector scanning, modelled and verified component-by-component. Operational cycle alternates ~9.5 s of light-sleep at ~0.1 mA with a 0.5 s active-scan burst at ~95 mA — yielding an average current of 25–45 mA. A 1300 mAh cell at 30 mA average yields 16.7 h theoretical autonomy. Deep-sleep with wake-on-button reaches ~22 µA, equivalent to roughly thirty days of standby. Shield Mode draws ~220 mA but is short-term and operator-initiated by design, so it is excluded from the autonomy budget.

Project SPYNO Answer · Chapter 1

Passive thermal management exclusively. The principal constant heat source is the AMS1117 LDO regulator dropping 4.2 V → 3.3 V at ~50 mA load (~0.045 W dissipation). The PCB carries a solid ground plane with thermal vias under the LDO, turning the entire copper surface into a low-profile heatsink. The ABS / polycarbonate enclosure dissipates the spread heat to ambient. Internal components operate well under 40 °C in 25 °C ambient. Test plan HW-T-08 stress-tests Shield Mode for 30 minutes and verifies surface and component temperatures via thermal camera.

Project SPYNO Answer · Chapter 2

Frequency diversity and spatial diversity — the same principles every modern smartphone uses to host 5–7 antennas. SPYNO's three radios sit at 13.56 MHz (NFC), 433/868 MHz (CC1101), and 2.4 GHz (BLE 5) — separated by factors of tens to hundreds. Spatially, BLE goes at one end of the PCB, NFC at the opposite end, sub-GHz in a corner. PCB-level isolation uses keep-out zones under each antenna, guard traces, and a solid ground plane shield. Standard industrial RF practice, scaled to our specific frequency set.

Project SPYNO Answer · Chapter 3

NFC: up to 5 cm — physical limit of 13.56 MHz. BLE: up to 10–12 m line-of-sight; behavioural classifier engages only above –75 dBm RSSI, calibrated for relevance not maximum range. Sub-GHz RF: 3–15 m, dependent on transmitter power of the threat. Wi-Fi cameras: up to a full 2.4 GHz Wi-Fi cell, ~30 m through one wall. Acoustic FFT: 1.5–2 m for 217 Hz GSM and 50/60 Hz coil-whine fingerprints. Each range matches the physics of the threat class.

Functional Specification · T-NFC-01 / T-BLE-01 / T-RF-01 / T-SM-01

Yes. Three independent hardware radios run in parallel under FreeRTOS RTOS. The BLE module collects all advertising packets in each scan window and applies signature matching plus 90-second behavioural persistence to every device in parallel. CC1101 measures spectral energy across the band, not a single target. PN532 detects any external 13.56 MHz field. The Threat Logic Engine maintains a candidates buffer; any device whose RSSI persists above –75 dBm for 90+ seconds is classified, regardless of how many other devices are simultaneously being tracked.

Project SPYNO Answer · Chapter 4

Hardware Root of Trust on the ESP32-S3. (1) Secure Boot v2 — the bootloader cryptographically verifies the firmware's RSA-3072 signature on every power-on; unsigned or modified firmware will not execute, even with physical access. (2) Flash Encryption — AES-256 hardware encryption for all internal flash; the encryption key sits in one-time-programmable eFuses, physically unextractable. Desoldered flash chips return only encrypted noise. The device cannot be repurposed as a "rogue bug" by a software route.

Project SPYNO Answer · Chapter 5 · Vol 05 § 4

Standard BLE LESC (Low Energy Secure Connections, BLE 5.0) using ECDH P-256 key exchange, AES-256 transport encryption (FIPS-197 compliant), and 6-digit numeric-comparison out-of-band confirmation displayed on the device's TFT during pairing. Bonding stored on both sides; up to four bonded peers. Once paired, the device uses Resolvable Private Addresses rotating every fifteen minutes when not in active session — providing privacy even on the BLE layer.

Vol 05 § 3.4 · Vol 07 § 5

Three reasons. First, BLE 5 + Wi-Fi 802.11 b/g/n + AI/SIMD DSP + native USB-CDC on a single $5.40 die in a publicly-supported package — no other commercial silicon ships this combination. Second, mature toolchain, open-source ecosystem, and dual-source qualification with Espressif distributors. Third, custom silicon for a pre-seed counter-surveillance product is a $20–40M undertaking that would derail go-to-market by 24–36 months. The architecture is silicon-portable; the v2.0 PCB inherits the same ICs with dual-source qualification on every critical line.

Vol 02 + 08 · ADR-001

Non-linear distortion. Condenser and MEMS microphones use a flexible diaphragm tuned to 20 Hz – 20 kHz. SPYNO emits a high-power, frequency-hopping signal at 21.5–23.5 kHz through a piezoelectric transducer driven by an N-MOSFET. The diaphragm cannot mechanically resolve a signal at that intensity and frequency — the resulting non-linear distortion drowns the audible band with noise that cannot be filtered out post-hoc. We are not jamming. We are forcing the threat microphone to record garbage.

Project SPYNO Answer · Chapter 6 § 1

Yes — and that is the point. The non-linear distortion mechanism is universal across condenser and MEMS microphones; it cannot distinguish a hostile recorder from a benign one. With Shield Mode active, every microphone in the acoustic bubble (~1.5 m radius) — including the operator's own Siri, Alexa, Google Assistant, smart speaker, and laptop — will record only noise. This is a deliberate trade. The user activates Shield Mode in moments where they prefer no microphone in the room to be operational. The mode is short-term (default 5 minutes) and ends explicitly.

Project SPYNO Answer · Chapter 6 § 4

No. Shield Mode requires a deliberate operator action: physical double-press of the SHIELD button, or explicit command from the paired mobile app. There is no autonomous trigger, no environmental classifier that auto-arms it. The Meeting scenario profile can pre-arm Shield Mode to fire automatically on the first classified threat, but that profile must be explicitly selected. The firmware architecture has no other code path that calls activate_shield_mode().

Project SPYNO Answer · Chapter 7 · firmware/src/shield_mode.cpp

The ESP32-S3 enters monitor mode via esp_wifi_set_promiscuous(true). The radio is locked to the discovered camera's working channel. A raw 802.11 deauthentication management frame is constructed with destination = camera MAC, source = router BSSID (legitimate field, not spoofed in the malicious sense — this is how the standard deauthentication flow works). The frame is injected via esp_wifi_80211_tx() and repeated every 1.5 s. The camera disassociates, can attempt to reconnect, and is disassociated again. Standard 802.11 management traffic, MAC-targeted, channel-locked.

Project SPYNO Answer · Chapter 8 § 1 · firmware/src/shield_mode.cpp::wifi_deauth_tick

No, this is a localised resource-exhaustion attack at the protocol layer, not a network DDoS. A FreeRTOS task creates a NimBLE client, calls connect(target_mac), and immediately deletes the client without waiting for the handshake to complete. This sequence repeats hundreds of times per minute. The tracker's single-threaded BLE stack saturates on these connection attempts and cannot service its primary function (broadcasting the FindMy advertising packet). We never exceed FCC §15.247 power limits or burst-time constraints — the airwaves remain quiet, only the target tracker's state machine is occupied.

Project SPYNO Answer · Chapter 8 § 2

Detection to alert: ≤ 3 s for BLE classified by signature, 90 s for behavioural. Sub-GHz: 10 s persistence. NFC: instant. Once the operator decides to engage Shield Mode, double-press dispatch to active emission is under 200 ms. The Ed25519 JWT verification path takes ~30 ms on the ESP32-S3 hardware-accelerated curve operation. Net: roughly 1–3 seconds from button-press to all four counter-vectors live, dominated by BLE flood task spin-up.

firmware/src/main.cpp + shield_mode.cpp + jwt.cpp

A jammer creates broadband chaotic noise to suppress all signals in a band. SPYNO does not. Our protocol counter-vectors emit short, low-power, MAC-targeted management frames structurally identical to legitimate Wi-Fi and BLE traffic. All emissions remain below 50 µV/m at 3 m per FCC §15.209(a). Ultrasonic emission is acoustic, not electromagnetic, and falls outside FCC jurisdiction entirely. Section 333 prohibits "willful or malicious interference with licensed services." We do not interfere with licensed services; we use legitimate protocol functions defensively against a single classified threat.

Project SPYNO Answer · Chapter 9 · USPTO 19/260,580

Marriott was fined for blocking guests' personal hotspots indiscriminately to push paid Wi-Fi sales — broadband against all bystanders for commercial gain. SPYNO's deauth is targeted: only the MAC pair of a hidden camera classified by the OUI database and SSID heuristics, channel-locked to that camera. No bystander device is affected. Operator-initiated in defence of operator privacy in a place they have legitimate counter-surveillance interest. Subscription-gated, audit-logged, per-vector toggleable. If FCC interpretation tightens, Vector #3 ships disabled in the consumer SKU and is reserved for the Operator (B2B) tier under written contract.

Project SPYNO Answer · Chapter 8 + 9 · SM-3.0 §3.2

Yes. The petition was filed on 3 December 2025 in application 19/260,580, accompanied by a Preliminary Amendment, an Information Disclosure Statement (IDS), and two exhibits (CISA / DHS reporting plus inventor declaration). 37 CFR §1.102(c)(1) is a no-fee petition that, if granted, advances the application out of turn for examination based on its material contribution to counter-terrorism, espionage prevention, or national-security asset protection. Realistic acceleration: 6–12 months earlier examination versus the ordinary queue. The decision is pending. If denied, the underlying application proceeds at normal pace with no prejudice — and the factual record in the file wrapper remains useful for any defence-tech adjacency conversation.

Vol 23 § 3 · USPTO/NEW/Petition_Special.pdf

Under the EU Radio Equipment Directive 2014/53/EU (RED), we test against EN 300 328 (2.4 GHz wideband modulation), EN 300 220 (sub-GHz short-range devices), and EN 301 489-1/-3/-17 (EMC for radio + ITE + DTS). EU consumer SKUs may ship with the Wi-Fi deauth vector disabled by default depending on EU counsel guidance. CE Marking is a self-declaration with technical-file retention for 10 years post-production. UKCA in parallel; ISED reciprocal recognition with FCC for Canada.

Vol 09 § 2

Multi-vector active counter-surveillance for operator use is likely to fall under USML Category XI (Military Electronics). Defence-export counsel will confirm the classification post Series A; until then we treat it as ITAR-controlled and limit defence-variant discussion to vetted government, allied-defence, and authorised commercial customers under written contract. The consumer SPYNO remains EAR-controlled (commerce, lower bar). The two SKUs are legally distinct hardware lines — defence variant is US-only manufacturing, DoD trusted-supplier path.

Vol 21 § 4

Each Shield Mode activation requires the firmware to verify an Ed25519 JWT issued by the SPYNO cloud. The JWT carries the user UUID, device serial hash, tier, and a 30-day expiry. Each issuance is logged in the cloud D1 database (issued_jwts table) with timestamp, account, device hash, tier. Revocation is one KV-namespace write away — propagating globally in seconds. This produces an auditable trail per device per activation: USPTO Claim 7, FCC enforcement defence, and EU CRA Article 7 (security obligation evidence) are all served by the same architecture.

Vol 24 § 4 · USPTO 19/260,580 Claim 7

Three benchmarks. (1) Premium personal-electronics + subscription pricing is well-validated: Garmin inReach Mini 2 at $399 + $14.95/mo, Whoop 4.0 at $239 + $30/mo. (2) Hardware unit economics: Phase 3 BOM at $50.70, channel-loaded cost at ~$103 / unit, leaves 71 % gross margin at $349. (3) The $200–500 segment is structurally empty — toy detectors at $30, professional gear at $1,200+. We anchor the upper-end of the affordable consumer segment. Service margin is 92 % gross — which is what makes this a software-grade business, not a hardware-grade one.

Vol 12 § 2

Three concentric rings. Tier 1 (acquisition focus): high-signal early users — frequent international travellers, tech-literate executives, investigative journalists, public figures, defence-community alumni. Acquired through founder warm intros, targeted X / Wirecutter coverage, two specialty subreddits, and EP-industry conferences. Tier 2 (year 2-3): premium consumer + early B2B (executive protection firms, hospitality concierge floors, journalism NGOs). Tier 3 (year 3+): mainstream consumer once social proof is in place. Year 1 sells ~4,800 units against this Tier 1 base.

Vol 17

Phase 1 (50–100 units): JLCPCB+SMT + UK/Estonia CNC enclosure shop. Phase 2 (500–1000): Sunlord-Honglitronic Shenzhen, MOQ 500, lead 18-24 days. Phase 3 (5K-25K): dual-source path with Shenzhen primary + Estonia secondary for resilience and EU-data-residency customers. Critical IC dual-sourcing: ESP32-S3 single-source (Espressif) is the principal exposure — managed via 12-week buffer stock and Espressif allocation monitoring. CC1101 has Si4463 second-source via firmware abstraction. PN532 second-source ST25R3911 candidate for v2.0. AO3400 + standard SMT components are commodity.

Vol 08

No, and we say so explicitly. The seed round funds consumer + executive-protection B2B. The defence variant (SPYNO/D) is **optionality**, not a milestone. We document the architecture so an acquirer or Series A investor can price the option. We engage defence-export counsel only post-Series A and only if 2 of 4 indicators trigger: EP design partner pulls us into a defence referral, inbound from US Air Force / DARPA / Special Forces, acquirer interest from a defence prime, or Series A leader values defence optionality.

Vol 21 § 6 + 8

Five. G1 (Q2 2027): Custom v2.0 PCB validated. G2 (Q3 2027): Mobile apps shipping. G3 (Q4 2027): US Utility patent issued + PCT international filed. G4 (Q1 2028): FCC Part 15 + EU CE certified. G5 (Q2 2028): Three paying B2B design-partner contracts executed. With G1-G5 cleared, the company enters Series A with a custom-PCB shipping product, granted US Utility, FCC + CE certifications, and a paying B2B base. Capital efficiency is the selling story: the entire stack from idea to G5 fits inside $1.5M.

Vol 22 · investor-pack/01_Term_Sheet.md

Yes. Sole founder, full-time on SPYNO. Founder vesting is 4 years with a 1-year cliff and monthly thereafter on 100 % of founder common stock at incorporation. Standard PIIA assigns all SPYNO-related IP — including USPTO 63/798,670, 19/234,443, 19/260,580, and trademark 99269171 — to the corporate entity at incorporation. No outside employment, no consulting beyond what is disclosed.

investor-pack/01_Term_Sheet.md § 5

Not yet. The seed round funds FCC Part 15 ATL testing in Q2-Q3 2027 (budget $25 K turnkey at MET Labs / CKC / Element). Pre-scan engineering is scheduled for Q1 2027 to derisk the formal test. EU CE testing in parallel. All claims on the marketing site that depend on lab data are flagged with a "target" or "validation pending" qualifier. The /faq is the contract: every spec on this site that is currently engineering-modelled rather than lab-measured is identified.

Vol 09 § 1.2 · § 1.3

Phase 2 production pilot of 500–1000 units ships at G5 (Q3-Q4 2027), with the first three B2B design partners receiving units under contract at that gate. Consumer pre-orders open at G5 with a Q4 2027 / Q1 2028 fulfilment window once FCC certification is in hand. The Standard subscription begins billing on first ship. We deliberately do not take consumer pre-order money before FCC certification is real — that posture is a public commitment.

Vol 22 · Vol 12 § 3

Every load-bearing claim on this site is backed by a US government record, a published source, or an in-repo source file. The /proof page lists every USPTO Patent Center direct link (19/260,580, 19/234,443, 63/798,670), the TSDR trademark link (99269171), the GitHub engineering repository, the Certificate Transparency log for spyno.io TLS issuance, and the SSL Labs grade. Any DD team can verify the entire stack in 30 minutes.

/proof · USPTO Patent Center · TSDR