Security & privacy

Built so we couldn't betray you if we tried

Clypy's privacy isn't a policy you have to trust — it's the architecture. Here's exactly how a clip moves, and what we can and can't see.

END-TO-END ENCRYPTION

Keys never leave your devices

Every clip is sealed on the device that copied it, with keys generated on your hardware and held in the OS keychain — never in a readable file. Our relay forwards ciphertext it has no way to open.

ON-DEVICE AI

Intelligence without disclosure

Semantic search, OCR, and classification all run locally. Your clips are never uploaded to a model, ours or anyone else's.

SECRET HYGIENE

Secrets are treated as radioactive

Password-manager copies are never captured. Anything that looks like a secret is concealed on sight and auto-expires from history.

YOUR EXIT

Delete means delete

Wipe a clip, a device, or your whole history at any time. There's no account to leave behind and nothing readable retained on our servers.

Plain-language commitments

No fine print, no asterisks

Independent audit
Cure53, March 2026
Read the report
  • We can't read your clips — our servers only ever hold ciphertext.
  • No account, no password, no profile. There's nothing to breach.
  • On the same network, clips sync device-to-device and skip our servers entirely.
  • AI runs on your device; clip contents are never sent for processing.
  • Password managers and detected secrets are never captured or synced.
  • Export or delete everything whenever you want — deletion is permanent.