HiddenAI Security Details

At HiddenAI, we've built security and privacy into every aspect of our application. Learn how we protect your data and ensure your privacy while using our invisible productivity tools.

Security Overview

HiddenAI is designed with a security-first approach. Our product helps you maintain privacy during meetings, coding interviews, and remote work sessions while also implementing robust security measures to protect your data behind the scenes. This page details our comprehensive security architecture and practices.

Security Architecture

Local-First Design

HiddenAI processes and stores your data locally whenever possible. Your notes, settings, and preferences never leave your device unless explicitly shared through our cloud features.

  • All notes stored locally with optional encrypted backup
  • Preference settings remain on your device
  • Browser history managed locally

Invisible Mode Technology

Our core invisibility technology uses Windows API redirection and desktop composition layer modifications to keep HiddenAI undetectable during screen captures.

  • Zero display layer interference with desktop-level hooks
  • Process isolation from screen capture apps
  • Taskbar ghosting prevents display in recording tools

Data Protection

HiddenAI implements multiple layers of data protection to ensure your information remains secure whether stored locally or processed in the cloud.

Local Storage Security

All locally stored data is protected with:

  • AES-256 encryption for sensitive files
  • Isolated storage container with access controls
  • Automatic deletion of temporary AI processing data
  • Encrypted notes database with key rotation

AI Processing Security

When using AI features that require cloud processing:

  • TLS 1.3 for all network communications
  • Tokenized session management
  • No permanent storage of AI queries on servers
  • Zero-knowledge processing when possible

Encryption Standards

HiddenAI uses industry-leading encryption standards:

Data Type          | Encryption Method     | Key Management
Notes              | AES-256-GCM           | Local device key
API Communications | TLS 1.3               | Certificate-based
Screenshots        | AES-256-CBC           | Ephemeral session key
AI Model Inputs    | End-to-end encryption | Rotating keys

Privacy Practices

Data Collection Policy

HiddenAI minimizes data collection to only what's necessary for the application to function properly.

What we collect:

  • Basic app diagnostics (crashes, performance)
  • API usage metrics (for service optimization)
  • Anonymous feature usage statistics

What we DON'T collect:

  • Note contents or AI conversation history
  • Screenshots or desktop content
  • Browsing history or search queries
  • Personal information beyond account basics

Data Retention

We maintain strict data retention policies to ensure your information isn't stored longer than necessary:

  • Cloud-processed AI requests: 24 hours maximum
  • App diagnostics: 90 days
  • Account information: Duration of active account

Third-Party AI Models

When using third-party AI models (OpenAI, Groq, etc.):

  • We process through our secure API gateway
  • Direct API key management for maximum control
  • Ability to opt out of model improvement programs
  • Transparency about which models are used

Compliance & Certifications

Regulatory Compliance

HiddenAI is designed to comply with major data protection regulations:

  • GDPR: Complete data portability, right to be forgotten, and consent management.
  • CCPA/CPRA: California privacy requirements for user data control and transparency.
  • SOC 2 Type II: Currently in process for certification (expected Q1 2026).
  • HIPAA Compliance: While not specifically designed for healthcare, our security architecture helps users maintain compliance.

Security FAQs

How is my data protected when using AI features?

All AI queries are encrypted in transit using TLS 1.3. We process AI requests through a secure API gateway, which anonymizes requests and doesn't store your conversation history or screenshots permanently. When using your own API keys for third-party models, you maintain full control over your data according to that provider's policies.

Can HiddenAI employees see my notes or conversations?

No. Your notes are stored locally on your device and encrypted. HiddenAI employees have no access to your content. For cloud features like AI processing, we implement technical measures that prevent our team from accessing user data. Our zero-knowledge architecture means we can't see your data even if we wanted to.

Is HiddenAI compliant with my company's security policies?

HiddenAI is designed with enterprise security in mind. We offer detailed security documentation for IT administrators and are happy to complete security questionnaires for corporate deployments. Our local-first architecture means most data stays on your company devices, and we can work with enterprise customers on custom deployment options.

How does the invisibility technology work without compromising security?

Our invisibility technology works at the display driver level, intercepting screen capture requests before they reach HiddenAI's window. This is done through Windows API hooks that operate with standard user privileges—we don't require administrator access or unsafe modifications to your system. The technology is designed to be undetectable but doesn't interfere with security software or monitoring tools.

Security Contact

Responsible Disclosure

We welcome security researchers to responsibly disclose any vulnerabilities discovered in our application.

Please email security@hiddenai.app with:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment

We commit to acknowledging reports within 48 hours and providing regular updates as we address valid security concerns. HiddenAI offers a bug bounty program for significant security findings.