TYPILOT V2The new Typilot is almost here. Desktop downloads open at launch.

00SECURITY · ARCHITECTURE

Local-first.By architecture, not by policy.

Typilot runs every AI inference on your machine - Ollama for language, Whisper for voice, Supertonic for speech. There is no server to send your prompts to. There is no telemetry endpoint receiving your text. The proof is in the architecture diagram below, the permissions list, and three independent audits.

Read the audit reports Download Typilot→

01 · How a prompt flows

Your text never leaves the box.

Your keystroke

Ctrl + Space

→

Typilot daemon

Rust + Tauri

→

Ollama

Local model

→

Whisper · Supertonic

On-device STT / TTS

→

Result

Back into your app

✗ NO network call - your prompt never reaches a third-party LLM

The only network call Typilot makes by default is a license check against our server. Your prompts, your voice, your meetings, your selections - all stay on the device. You can verify this in the system logs and in the audit reports below.

02 · Permissions

Exactly what we ask for.And why.

Keyboard input

Accessibility permission on macOS, raw input on Windows/Linux

Lets the global activation shortcut work in any app.

Required

Microphone

OS standard mic permission

Only if you enable voice mode, notes, or meeting recording.

Optional

Screen recording

macOS-only · used for system audio capture

Only if you enable system-audio meeting recording or screenshot context.

Optional

Disk

Local SQLite database in app data dir

Stores history, notes, meetings, settings. Nothing leaves the device.

Required

Network

Outbound - license endpoint only

License verification is the only network call by default. You can turn it off after activation.

Optional

03 · Threat model

What we defend against.

Attack

A third-party LLM provider sees your prompts.

Defense

Impossible by construction - Typilot does not call any third-party LLM. All inference is Ollama on your machine.

Attack

A model fine-tunes on your data.

Defense

No data ever leaves the device, so no model can be trained on it. You can verify by inspecting Ollama logs.

Attack

Telemetry leaks your prompts to analytics.

Defense

No prompt-level telemetry. The only outbound call is a license check; you can review traffic with Little Snitch or a packet inspector.

Attack

Meeting audio uploaded for processing.

Defense

Whisper runs locally with Metal acceleration on Apple Silicon. Audio files stay in your local SQLite store; you choose to keep or delete them.

Attack

Cloud sync of notes, history, meetings.

Defense

There is no cloud sync. All artifacts are in a SQLite file in your user data directory.

04 · Independent audits

Don't trust us. Read the reports.

GDPR · European Union

Independent assessment confirms no personal data leaves the device. Article 5(1)(c) minimisation principle satisfied.

May 2026 · PDF 1.2 MBRead →

GDPR · Germany

BSI-aligned review of local-only inference, telemetry boundaries, and update integrity. No server-side processing.

April 2026 · PDF 1.1 MBRead →

CCPA · California

Consumer right-to-know report: zero collected personal information. No sale or sharing of user data.

April 2026 · PDF 0.9 MBRead →

05 · Common questions

What people ask first.

Does Typilot send my data to OpenAI, Anthropic, or any third party?+

No. All AI inference runs on your machine through Ollama, Whisper, and Supertonic. The only network call by default is a license check.

How can I verify network behavior?+

On macOS, Little Snitch or LuLu will show every outbound connection. On Linux, nethogs or tcpdump. Typilot will only show the license endpoint.

Is meeting audio uploaded?+

No. Audio is captured locally, transcribed locally with Whisper, and stored in a local SQLite database. You can delete the raw audio after the summary is generated.

What happens to my data if I uninstall Typilot?+

Your prompts, notes, meetings, and history live in the app data directory. Uninstall removes the app; you can manually delete the data directory to remove everything.

Is the source available?+

License verification logic is source-available so you can confirm exactly what data - and only what data - is sent over the network.

Privacy is a feature.Not a disclaimer.

Three days on us - no card. If the architecture doesn't convince you, the audit reports might.

Download free Privacy policy→

00SECURITY · ARCHITECTURE

Local-first.By architecture, not by policy.

Read the audit reports Download Typilot→

01 · How a prompt flows

Your text never leaves the box.

Your keystroke

Ctrl + Space

→

Typilot daemon

Rust + Tauri

→

Ollama

Local model

→

Whisper · Supertonic

On-device STT / TTS

→

Result

Back into your app

✗ NO network call - your prompt never reaches a third-party LLM

02 · Permissions

Exactly what we ask for.And why.

Keyboard input

Accessibility permission on macOS, raw input on Windows/Linux

Lets the global activation shortcut work in any app.

Required

Microphone

OS standard mic permission

Only if you enable voice mode, notes, or meeting recording.

Optional

Screen recording

macOS-only · used for system audio capture

Only if you enable system-audio meeting recording or screenshot context.

Optional

Disk

Local SQLite database in app data dir

Stores history, notes, meetings, settings. Nothing leaves the device.

Required

Network

Outbound - license endpoint only

License verification is the only network call by default. You can turn it off after activation.

Optional

03 · Threat model

What we defend against.

Attack

A third-party LLM provider sees your prompts.

Defense

Impossible by construction - Typilot does not call any third-party LLM. All inference is Ollama on your machine.

Attack

A model fine-tunes on your data.

Defense

No data ever leaves the device, so no model can be trained on it. You can verify by inspecting Ollama logs.

Attack

Telemetry leaks your prompts to analytics.

Defense

No prompt-level telemetry. The only outbound call is a license check; you can review traffic with Little Snitch or a packet inspector.

Attack

Meeting audio uploaded for processing.

Defense

Whisper runs locally with Metal acceleration on Apple Silicon. Audio files stay in your local SQLite store; you choose to keep or delete them.

Attack

Cloud sync of notes, history, meetings.

Defense

There is no cloud sync. All artifacts are in a SQLite file in your user data directory.

04 · Independent audits

Don't trust us. Read the reports.

GDPR · European Union

Independent assessment confirms no personal data leaves the device. Article 5(1)(c) minimisation principle satisfied.

May 2026 · PDF 1.2 MBRead →

GDPR · Germany

BSI-aligned review of local-only inference, telemetry boundaries, and update integrity. No server-side processing.

April 2026 · PDF 1.1 MBRead →

CCPA · California

Consumer right-to-know report: zero collected personal information. No sale or sharing of user data.

April 2026 · PDF 0.9 MBRead →

05 · Common questions

What people ask first.

Does Typilot send my data to OpenAI, Anthropic, or any third party?+

No. All AI inference runs on your machine through Ollama, Whisper, and Supertonic. The only network call by default is a license check.

How can I verify network behavior?+

On macOS, Little Snitch or LuLu will show every outbound connection. On Linux, nethogs or tcpdump. Typilot will only show the license endpoint.

Is meeting audio uploaded?+

No. Audio is captured locally, transcribed locally with Whisper, and stored in a local SQLite database. You can delete the raw audio after the summary is generated.

What happens to my data if I uninstall Typilot?+

Your prompts, notes, meetings, and history live in the app data directory. Uninstall removes the app; you can manually delete the data directory to remove everything.

Is the source available?+

License verification logic is source-available so you can confirm exactly what data - and only what data - is sent over the network.

Privacy is a feature.Not a disclaimer.

Three days on us - no card. If the architecture doesn't convince you, the audit reports might.

Download free Privacy policy→