Khint privacy policy.

1. Who we are

Khint is operated by KAZOUINI MOHAMED-AMINE, entrepreneur individuel registered in France (SIREN 102 311 560, R.C.S. Paris), based at 52 rue Dutot, 75015 Paris, France. We act as the data controller for the data described below. Contact: [email protected]. See also our legal notice.

2. What Khint actually does on your machine

Khint is a desktop app — a menu-bar app on macOS and a system-tray app on Windows. It reacts to three keyboard shortcuts:

• ⌘⇧K opens the action palette. Khint reads the text you have selected in the foreground app and sends it, with the prompt of the action you pick, to our inference provider (Anthropic). The result is pasted back into the same app and logged in a local SQLite database for your action history.
• Palette OCR captures the screen region on-device, then sends the image to Anthropic's Claude Vision API for text extraction. The extracted text is pasted. The screenshot is not stored beyond that single call.

Khint does not record your screen, log your keystrokes, or monitor your apps in the background. The only network calls it makes are: (a) the Anthropic call when you trigger an action, (b) optional cloud sync when you sign in (see §6), and (c) auto-update checks.

3. What we collect, and why

From the desktop app, when you trigger an AI action: the selected text and (if a Memory session is active) its compact context summary, sent to our backend, which forwards them to Anthropic to generate the rewrite. We need this to run the action you asked for.

From the desktop app, in your local SQLite database: your action history (input, output, timestamp, action used), your saved Actions / Packs / Chains, and your Memory sessions. This stays on your device unless you sign in.

From the desktop app, if you sign in: your Clerk-authenticated identity (email, user id), and your action history, Actions, Packs, and Chains are mirrored to our Supabase database so they sync across machines. Memory sessions stay local — they are never synced to our servers.

From the marketing site: standard hosting logs (IP, user agent, request path) at the DigitalOcean platform layer. We do not run third-party analytics or marketing trackers on this site at the time of writing.

If you upgrade to Premium: Stripe collects your payment details directly. We never see your card number; we only see the resulting subscription status linked to your account.

4. What we do not collect

• We do not capture, screenshot, or record your screen continuously. OCR only runs when you trigger it from the palette.
• We do not log keystrokes, monitor clipboard contents, or introspect what app you are in.
• We do not collect anything from text you have not selected, even when an action is triggered.
• We do not sell, rent, trade, or share your data with anyone outside the sub-processors listed below.
• We do not train any models on your inputs or outputs. Our inference provider also does not (per their API terms).

5. Sub-processors

Khint relies on the following third-party services to operate. Each one only sees the data it needs.

• Anthropic(Claude API, USA) — receives the selected text and active session context when you trigger an AI action; returns the rewritten text. Anthropic's commercial API terms forbid training on inputs and outputs.
• Clerk (authentication, USA) — handles sign-up, sign-in, and session tokens for accounts that opt in to cloud sync. Clerk receives your email and authentication metadata.
• Supabase (Postgres database, EU region) — stores the cloud-synced copy of your Actions, Packs, Chains, action history, and Memory sessions. Encrypted at rest and accessed only by our backend service key.
• Stripe (billing, USA / Ireland) — processes Premium subscriptions. Stores card and billing data; we do not.
• DigitalOcean (hosting, USA) — serves this marketing site and the Khint backend API. Standard request logs.

6. Cloud sync is opt-in

Cloud sync only runs once you sign in inside the desktop app. If you never sign in, none of the data described in §3 leaves your device (with the exception of the per-action call to Anthropic, which is required for the AI action itself). When you sign out, local data stays; only the sync stops.

7. Data retention

Local SQLite data lives on your device until you uninstall Khint or delete the app's storage directory. Cloud-synced data lives in Supabase until you ask us to delete it. Anthropic retains API request data per their commercial policy (typically 30 days of operational logs, no training).

8. Your rights

If you are in the EU/UK, you have rights under GDPR/UK GDPR: access, rectification, erasure, restriction, portability, and objection. To exercise any of them, email [email protected]. We aim to reply within 30 days. We will not require a special process or fee. You can also lodge a complaint with your local supervisory authority.

You can also: uninstall Khint to wipe the local database; delete cloud-synced data by emailing us (we will automate this once we have more users).

9. International transfers

Anthropic, Clerk, Stripe, and DigitalOcean are USA-based. Supabase hosts our database in the EU. Where data is transferred outside the EU/UK, we rely on the providers' Standard Contractual Clauses (SCCs) and equivalent safeguards.

10. Children

Khint is not directed at people under 16. We do not knowingly collect personal data from minors.

11. Changes to this policy

We will update the "Last updated" date below when this policy materially changes. For significant changes (new sub-processor categories, data uses), we will also post a notice on our changelog page before the change takes effect, and surface an in-app notice the next time you open Khint.

12. Contact

Questions, concerns, or rights requests: [email protected].