Built around whatstays on your device.
Four things we promise.
Screen capture happens on-device. OCR text extraction uses Anthropic's Claude Vision API — the screenshot is not stored beyond that call. Memory sessions live in a SQLite file on your Mac. Nothing else leaves the device unless you trigger an Action.
Khint isn't watching screens or keystrokes. The only things sent to the inference API are the text you highlighted, plus (optionally) the compact context of your active session. Cloud sync (when signed in) and auto-update checks are the only other outbound traffic — both opt-in / inert by default.
Our cloud inference provider contractually doesn't train on inputs or outputs. We don't run any model fine-tunes on user data ourselves.
Cloud sync is opt-in via sign-in. If you don't sign in, nothing leaves your machine. Hashed session tokens; the database is reachable only via our service key.
Where every byte goes.
- 1. You highlight text in any app
- 2. Your shortcut opens the palette
- 3. You pick an Action
- 4. Khint sends [selected text] + (optional) [compact session context] to the inference API
- 5. The API returns the rewritten text
- 6. Khint pastes it back in the original app
- 7. Local SQLite logs the input + output for your history
Two other outbound calls exist: (a) if you are signed in, your Actions / Packs / Chains / history sync to Supabase after local edits — Memory sessions stay local; (b) Khint checks for app updates on launch. Both are described in detail on the Privacy page.
The questions a security team would ask.
Does Khint watch my screen all the time?
No. Khint reads selected text only when you press your shortcut and pick an Action, and reads pixels only when you press the capture shortcut for OCR. There is no background screen capture, no keystroke logging.
Where does the AI run?
On a hosted inference API. When you trigger an Action, the highlighted text (plus optionally the compact session context) is sent to the API. The response comes back, gets pasted, and is logged in your local SQLite history.
Do you train on my data?
No. Our inference provider's API terms prohibit training on customer inputs and outputs. We don't run any fine-tunes ourselves.
What about OCR? Is the screenshot uploaded?
On macOS, Khint captures the screen on-device — the screenshot stays on your Mac. The image is then sent to Anthropic's Claude Vision API to extract the text; nothing is stored beyond that single call. The screenshot itself is never uploaded to Khint's servers.
What is stored, where?
Local SQLite on your Mac for: Actions, Memory sessions, history. If you sign in, those records also sync to a Supabase Postgres database, encrypted at rest. Stripe holds your billing details if you upgrade.
Can I delete everything?
Yes. Uninstall Khint to wipe the local database. If you signed in, email us and we'll delete your server-side data. (We'll automate this once we have more users.)
Found something? Tell us.
We don't run a bug bounty yet, but we read every email. Responsible disclosure goes a long way at this stage.