Contents
  1. Architecture overview
  2. Data handling
  3. Network communication
  4. Privacy filtering
  5. Open source
  6. Code signing & updates
  7. Compliance
  8. Vulnerability disclosure

1. Architecture Overview

Relevare runs on the employee's workstation. Capture, on-device storage, and analysis are local. On free and pro tiers, captured content never leaves the device — the AI analysis stages send only privacy-filtered metadata to the LLM provider. Team-tier customers can additionally opt into zero-knowledge encrypted sync to Relevare-hosted storage for cross-device access and aggregated org dashboards; that sync is encrypted on-device before upload and our servers never see the key or plaintext.

| Property | Summary | Detail |
|---|---|---|
| Execution level | User space only | No kernel extensions, system extensions, or kernel-level drivers. Standard application-level APIs only. |
| Capture scope | Foreground window only | Capture is event-driven on the focused window. Background windows are never observed. |
| Remote control plane | None | Relevare cannot be instructed by an external party. No reverse shell, no remote-execution channel. The local HTTP API binds to 127.0.0.1 only and gates all mutations behind a per-machine API key. |
| Data storage | On-device, encrypted | SQLite database encrypted with SQLCipher (AES-256). Captured data never leaves the local filesystem. |
| Local API | Localhost only, auth-gated | HTTP API binds to 127.0.0.1. Mutation endpoints (POST/PUT/PATCH/DELETE) require a local API key auto-generated on first launch. |
| Vendor access | Zero | Relevare has no mechanism to access customer data. Not by policy — by architecture. There is no ingestion endpoint, no cloud database, no data pipeline from customer machines to us. |

Post-CrowdStrike context

Relevare does not install kernel extensions or system-level drivers. It uses standard macOS accessibility APIs and screen capture APIs that run in user space. A bug in Relevare cannot cause a kernel panic or blue screen — the operating system's process isolation protects against this.

2. Data Handling

What is collected

| Data type | What it contains | Default state |
|---|---|---|
| Screen text | Text extracted from the focused window via accessibility APIs. On macOS, this reads the accessibility tree (not screenshots) for most apps. Terminal apps fall back to OCR. | on |
| Screenshots | JPEG snapshots of the focused window, stored locally. Used for frame context and video export. | on |
| App & window context | Application name, window title, browser URL (query parameters stripped). Used for workflow analysis. | on |
| Clipboard, keystrokes, mouse input | Not captured. There is no input-capture code path enabled in shipping builds. | never captured |
| Microphone, camera | Not captured. Relevare does not request microphone or camera permissions. | never captured |
| Background windows | Capture is event-driven on the focused (frontmost) window only. Background windows are never observed. | never captured |

Where it is stored

All data lives in a local directory on the machine:

Who can access it

Data is owned by the local operating system user account. Access is governed by standard filesystem permissions. The REST API that serves the local dashboard binds to localhost (127.0.0.1) by default — it is not reachable from the network. Only applications running on the same machine can query it.

Mutation endpoints require authentication. All POST, PUT, PATCH, and DELETE requests must include a local API key auto-generated on first launch and stored at ~/.relevare/api-key.txt. This blocks the obvious cross-process attack — a malicious browser extension or other local app cannot delete data, deploy automations, or trigger analysis without the key. Read endpoints (GET) and the /health liveness check are exempt.
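The authorization rule described above, written out as an added example (not Relevare's code): only mutating verbs are gated, GET and /health are exempt, and the key is compared in constant time. The header name X-Api-Key and storing api-key.txt with owner-only mode 0600 are assumptions; the page gives that mode only for the database key.

```python
# Added example (not Relevare's code): decision logic for the local API gate.
# Assumed: the client sends the key in an "X-Api-Key" header (header name is a guess).
import hmac
import os
import secrets

MUTATING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})
EXEMPT_PATHS = frozenset({"/health"})  # liveness check is never gated


def generate_api_key(path: str) -> str:
    """First-launch key: 32 random bytes, hex-encoded, written owner-read-only.

    The 0600 mode mirrors what the page states for ~/.relevare/.db-key; applying
    it to the API key file as well is an assumption of this example.
    """
    key = secrets.token_hex(32)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(key)
    return key


def requires_auth(method: str, path: str) -> bool:
    """Only state-changing requests need the key; reads and /health are exempt."""
    return method.upper() in MUTATING_METHODS and path not in EXEMPT_PATHS


def authorize(method: str, path: str, presented_key, stored_key: str) -> bool:
    """Return True if the request may proceed.

    hmac.compare_digest avoids a timing side channel on the key comparison,
    which matters even on loopback because any local process can probe it.
    """
    if not requires_auth(method, path):
        return True
    if not presented_key:
        return False
    return hmac.compare_digest(presented_key.encode(), stored_key.encode())
```

Binding the listener to 127.0.0.1 is what keeps this key a defense against other local processes rather than against the network; the gate does not replace that binding.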

Encryption at rest

The local SQLite database is encrypted at rest with SQLCipher (AES-256). The encryption key is generated on first launch (32 random bytes, hex-encoded), stored at ~/.relevare/.db-key with mode 0600 on Unix, and applied via PRAGMA key as the first connection pragma. Without the key the database file is unreadable — sqlite3 ~/.relevare/db.sqlite returns file is not a database.

Existing unencrypted databases from earlier releases are migrated transparently via sqlcipher_export() on first launch after upgrade, with a backup written to db.sqlite.bak. We recommend operating-system full-disk encryption (FileVault, BitLocker) as a complementary defense.

Retention and deletion

Raw captured data is purged on a tiered schedule that runs hourly. Each layer has its own TTL, reflecting how the intelligence pipeline actually consumes the data:

| Data layer | Default TTL | Why |
|---|---|---|
| JPEG snapshots | 1 day | Largest disk consumer. Never read by the intelligence pipeline. |
| Accessibility tree JSON (raw) | 3 days | Forensic-only once flattened to text. |
| Frame text (accessibility text + OCR text) | 14 days | Powers in-app search and recent-insight drilldown. |
| Frame metadata (timestamps, app/window, hashes) | 90 days | Cheap; enables trend analysis and profile re-inference. |
| Intelligence metadata (insights, ledger, summaries) | forever | Product output. Contains no raw captured content. |

Retention is configurable. --retention-days 0 disables every layer. Data can also be deleted on demand via the time-range deletion API (DELETE /data/time-range), which is gated by local API authentication. There is no remote retention policy — Relevare has no access to the data and cannot enforce or prevent deletion.

3. Network Communication

The core question for security teams: what data leaves the machine, and where does it go?

| Communication | Destination | What is sent | Default state |
|---|---|---|---|
| Intelligence analysis | Anthropic API (api.anthropic.com) | Privacy-filtered metadata only: app names, window titles, aggregated usage metrics, observation descriptions. Never raw screen content, screenshots, OCR text, or audio transcriptions. | opt-in |
| Product analytics & error telemetry | relevare.tech | Anonymous, content-free product usage events: feature interactions, activation funnel steps, intelligence pipeline cost and latency, live notification fire/dismiss rates, hashed device ID, plan tier. Sanitized crash reports (paths and usernames stripped). Never screen content, OCR text, prompts, LLM outputs, URLs, file paths, raw app titles, or user/host names. Inspectable via the in-app telemetry viewer before send. | free: on; pro: off by default |
| Auto-updates | relevare.tech | Version check and signed binary download. No user data sent. | on |
| Encrypted sync (Team tier only) | relevare.tech | Encrypted screen text and metadata, for cross-device access and the org dashboard. ChaCha20-Poly1305 authenticated encryption with keys derived from the user's password via Argon2id. Zero-knowledge — the server never sees the key or plaintext. HMAC-based search tokens enable server-side search without revealing the search terms. | team tier only |
| Raw screen content | | Never transmitted. No endpoint exists for this. | never sent |

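Blind search tokens of the kind the sync row describes, as an added example (not Relevare's code): the client uploads only keyed HMAC tags per frame, and the server matches a query tag without ever seeing the term. Per-word lowercase tokenization and the KDF parameters are assumptions; hashlib.scrypt stands in for Argon2id, which the Python standard library does not provide.

```python
# Added example (not Relevare's code): HMAC search tokens for zero-knowledge sync.
# Assumptions: one token per lowercase word; scrypt replaces Argon2id (not in stdlib).
import hashlib
import hmac
import re

WORD = re.compile(r"[a-z0-9]+")


def derive_search_key(password: str, salt: bytes) -> bytes:
    """Client-side only. Memory-hard KDF so the server-held tags cannot be
    brute-forced cheaply even if the password is weak. Stand-in for Argon2id."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def search_token(key: bytes, term: str) -> str:
    """Deterministic keyed tag: equal terms give equal tags, the term itself is hidden."""
    return hmac.new(key, term.lower().encode(), hashlib.sha256).hexdigest()


def index_document(key: bytes, text: str) -> set:
    """Client side: tokenize captured text and emit only the tags for upload."""
    return {search_token(key, w) for w in WORD.findall(text.lower())}


class BlindIndex:
    """Server side: stores tags per document id and answers tag queries.
    It never receives the key, the text, or the plaintext search term."""

    def __init__(self):
        self._docs = {}

    def put(self, doc_id: str, tags: set) -> None:
        self._docs[doc_id] = set(tags)

    def query(self, tag: str) -> list:
        return sorted(d for d, tags in self._docs.items() if tag in tags)
```

Deterministic tags hide terms but not equality: the server can still see that two frames share a token and how often a token recurs, which is the usual trade-off of this design.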
The intelligence chokepoint

The intelligence pipeline has a single code path for data leaving the device: the prompt builder (prompt_builder.rs). This module explicitly strips raw content, reduces data to metadata-level summaries, and never includes screen text, OCR output, transcriptions, or screenshot data. This is enforced architecturally in code, not by policy.

Product analytics & telemetry: tier-controlled

Relevare collects anonymous, content-free product telemetry on the free tier to understand activation, retention, and pipeline cost. Pro users disable it with a single switch in settings. Org-tier deployments hand control to the org admin via the JWT config — individual employees in org deployments do not get a personal toggle, but the dashboard-parity rule applies (employees always see exactly what their org admin sees being sent).

The content boundary is identical across all tiers and settings: telemetry never contains screen content, OCR text, accessibility tree contents, LLM prompts, LLM outputs, URLs, file paths, raw app titles, screenshots, audio, or any captured user content. App names are bucketed by category (browser, comms, IDE) or restricted to an allowlist of well-known apps. An in-app telemetry viewer surfaces the exact events queued for the next batch send — available to all users, free, Pro, and Org.

Crash reports and license/entitlement checks are separately toggleable from product analytics and remain on by default even for Pro users unless explicitly disabled, because they are required for support.

Auto-updates can be disabled independently for enterprise-managed deployments.

API key management & BYOK

Relevare ships with embedded API keys for AI analysis (Anthropic for workflow analysis, Google Gemini for solution research). These keys are compiled into the binary at build time and are never stored in source code.

Bring Your Own Key (BYOK): Organizations can provide their own API keys, which override the embedded keys. BYOK keys, ChatGPT OAuth tokens, and Claude setup tokens are stored in the operating system's native credential store — macOS Keychain (Security.framework) or Windows Credential Manager — via the keyring crate under service name tech.relevare.desktop. If the keychain is unavailable (CI, headless environments), Relevare falls back to file-based storage with a warning log. Credentials are never logged, never sent in telemetry, and never transmitted to Relevare infrastructure.

| Priority | Source |
|---|---|
| 1 (highest) | Customer-provided key (BYOK via settings) |
| 2 | CLI flag or environment variable |
| 3 | Build-time embedded key |
| 4 (fallback) | None — LLM stages skipped, metrics and timeline still run |

Regardless of which key is used, only privacy-filtered metadata (app names, window titles, usage durations) is sent to the respective API providers. Raw screen content, OCR text, screenshots, and audio are never transmitted.

4. Privacy Filtering

PII redaction (enabled by default)

Before any captured text is persisted, it passes through a regex-based redaction layer that strips:

Password manager and sensitive-window exclusion (enabled by default)

The following applications are skipped at the capture layer and never read: 1Password, Bitwarden, LastPass, Dashlane, KeePassXC, and Keychain Access. Any window whose title matches password, private, incognito, or secret is also skipped — this covers private browsing tabs across all browsers.

Secure-input protection (enabled by default)

When the operating system reports that a secure text input field is active (password fields, financial forms), capture pauses automatically.
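The two capture-layer rules above (excluded applications and title keywords) plus the secure-input pause, combined into one decision function as an added example (not Relevare's code). The app list and keywords are the page's; matching keywords case-insensitively as substrings and treating the app name as an exact match are assumptions.

```python
# Added example (not Relevare's code): fail-safe capture gating.
# Assumption: title keywords match as case-insensitive substrings.
import re

EXCLUDED_APPS = frozenset({
    "1Password", "Bitwarden", "LastPass", "Dashlane", "KeePassXC", "Keychain Access",
})
# Covers "Private Browsing", "New Incognito Window", etc. in any browser.
SENSITIVE_TITLE = re.compile(r"password|private|incognito|secret", re.IGNORECASE)


def skip_reason(app_name: str, window_title: str, secure_input_active: bool):
    """Return why the focused window must not be read, or None if capture may run.

    Rules are checked in order of strength: an OS-level secure input field pauses
    everything, then the app allow/deny list, then the window-title keywords.
    """
    if secure_input_active:
        return "secure-input"
    if app_name in EXCLUDED_APPS:
        return "excluded-app"
    m = SENSITIVE_TITLE.search(window_title or "")
    if m:
        return "title:" + m.group(0).lower()
    return None


def capture_allowed(app_name: str, window_title: str, secure_input_active: bool) -> bool:
    """Single boolean the capture loop consults before touching the accessibility tree."""
    return skip_reason(app_name, window_title, secure_input_active) is None
```

Substring matching also skips an editor window titled "secrets.yaml" or a document called "Private notes"; that is a false positive in the privacy-preserving direction, which is the intended failure mode for a capture gate.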

Personal vs. work activity classification

The intelligence pipeline classifies each app the user touches as work or personal based on the user's specific inferred role and industry — the same app can be work for one person (Instagram for a marketing manager) and personal for another (Instagram for an accountant). Personal apps are excluded from bottleneck analysis and never appear in executive summaries. When uncertain, the model defaults to "work" so legitimate work data is never silently dropped.

Configurable app and URL blocklists

IT administrators can configure additional blocklists to exclude specific applications or website domains from capture. This is configured per-machine through the application settings or programmatically via the local API.

Automation deployment requires explicit user confirmation

Relevare exposes an MCP tool (deploy-pipe) that AI assistants like Claude Desktop can call to install workflow automations on the user's machine. To prevent third-party MCP clients from deploying automations without the user's knowledge, every deploy-pipe call surfaces a desktop confirmation dialog before the automation is written to disk or enabled. The dialog has a 60-second timeout and defaults to deny. Combined with API authentication on mutation endpoints, this closes the indirect-RCE surface from local-process abuse of the automation system.
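A fail-closed confirmation gate with the behaviour described above (explicit approval required, 60-second timeout, deny on timeout), as an added example that is not Relevare's code. The desktop dialog is stood in for by a callback; treating an exception or a non-boolean answer from the dialog as a denial is an assumption of this example.

```python
# Added example (not Relevare's code): approval gate for automation deployment.
# The dialog is simulated by `prompt_user`; anything but an explicit True denies.
import threading
from typing import Callable, Optional


class ConfirmationGate:
    def __init__(self, timeout_seconds: float = 60.0):
        self.timeout = timeout_seconds

    def ask(self, prompt_user: Callable[[], Optional[bool]]) -> bool:
        """Run the dialog in a worker thread and wait at most `timeout` seconds.

        Returns True only for an explicit allow delivered in time. A timeout,
        an exception inside the dialog, or a None answer all deny: the gate
        must never fall open because the UI misbehaved.
        """
        result: list = []

        def worker():
            try:
                result.append(prompt_user())
            except Exception:  # dialog crashed: treat as no answer
                result.append(None)

        t = threading.Thread(target=worker, daemon=True)
        t.start()
        t.join(self.timeout)
        if t.is_alive() or not result:
            return False  # user never answered before the deadline
        return result[0] is True


def deploy_pipe(name: str, gate: ConfirmationGate, prompt_user, install) -> bool:
    """Write/enable the automation only after the gate returns True."""
    if not gate.ask(prompt_user):
        return False
    install(name)
    return True
```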

5. Open Source

Relevare's capture layer is built on open-source technology with full source code available for inspection. Anyone — your security team, a third-party auditor, or the public — can read exactly what data is captured, how it is stored, and what leaves the device.

This is a trust signal that closed-source monitoring products cannot provide. You don't have to take our word for how the agent works — you can verify it yourself.

What is open source vs. proprietary

Open source: screen capture, accessibility text extraction, data storage, local API, OCR. Proprietary: the intelligence pipeline (workflow analysis, bottleneck detection, solution design, executive summaries).

6. Code Signing & Updates

| Capability | macOS | Windows |
|---|---|---|
| Code signing | signed | signed |
| Signing authority | Apple Developer ID | Azure Trusted Signing (Authenticode) |
| Notarization | notarized | N/A |
| Hardened runtime | enabled | N/A |
| Update signature verification | minisign | minisign |
| Enterprise managed deployment | supported | supported |

macOS builds are signed with an Apple Developer certificate, notarized with Apple's notary service, and run with hardened runtime enabled. Windows builds are signed via Azure Trusted Signing as part of the CI/CD release pipeline. Updates on both platforms are cryptographically verified using minisign before installation.

Enterprise builds disable in-app auto-updates, allowing IT teams to manage deployment through their existing tooling (Intune, Jamf, etc.).

7. Compliance

| Certification / standard | Status |
|---|---|
| Privacy policy | published |
| Terms of service | published |
| SOC 2 Type II | in progress |
| GDPR compliance | in progress |
| HIPAA (team tier) | architecture compatible, BAA available |
| ISO 27001 | planned |
| Penetration test | planned |

Why on-device matters for compliance

Relevare's on-device architecture dramatically reduces compliance scope. Free and pro tiers never send raw captured content to any vendor — the LLM providers (Anthropic, OpenAI, Google) receive only privacy-filtered workflow metadata under their respective DPAs. Team tier adds optional encrypted sync to Relevare-hosted infrastructure for cross-device access and aggregated org dashboards; that sync is zero-knowledge (encrypted on-device with a key derived from the user's password), so the same server-side compliance scope applies even when sync is enabled. SOC 2 scope shrinks to SDLC, code signing, access controls, and organizational policies — roughly 30–50% less than a cloud-based competitor that ingests raw user data.

8. Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

We acknowledge reports within 48 hours, triage within 7 days, and coordinate disclosure with the reporter. We do not take legal action against good-faith security researchers.

Full disclosure policy available upon request. Contact [email protected]

For IT administrators

For detailed IT deployment information — permissions, network call inventory, managed deployment (MDM), data model, and independent verification steps — see our IT Security & Deployment Guide.