Trust & Transparency

The claims that matter, with source pointers.

Short version: native overlay behavior, managed provider access, no transcript logging, encrypted local sessions.

Screen-capture exclusion

The app sets the overlay window sharing policy to .none in normal operation, which is the native macOS exclusion path used by screen-capture APIs.

sharingType = .none

Accessory app mode

Opaq runs as an accessory app, so it stays out of the Dock, Cmd-Tab, and the standard app-switching flow.

LSUIElement = true

Managed provider keys

The desktop app authenticates with Opaq and receives short-lived provider credentials from the backend. Users do not paste Anthropic, Deepgram, or OpenAI keys into the app.

POST /api/credentials

Deepgram no-log flag

The live transcription WebSocket includes Deepgram's no_log flag by default.

no_log=true

Encrypted local sessions

Session files are sealed with AES-GCM, using a per-install key stored in the macOS Keychain.

AES.GCM.seal(...)
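To show what this claim means in practice, here is an added example (not Opaq's own code) of sealing a session file with CryptoKit's AES-GCM under a per-install key kept in the Keychain. The service and account names, the function names, and the choice to bind the file name as associated data are assumptions of this example; running it creates one generic-password Keychain item.

```swift
import CryptoKit
import Foundation
import Security

// Hypothetical Keychain identifiers for this example, not Opaq's real values.
let service = "com.example.sessions"
let account = "per-install-key"
enum KeychainError: Error { case status(OSStatus) }

/// Returns the per-install key, creating and storing it on first use.
func loadOrCreateKey() throws -> SymmetricKey {
    let base: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                               kSecAttrService as String: service,
                               kSecAttrAccount as String: account]
    var query = base
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecSuccess, let data = item as? Data {
        return SymmetricKey(data: data)
    }
    guard status == errSecItemNotFound else { throw KeychainError.status(status) }
    let key = SymmetricKey(size: .bits256)   // fresh random 256-bit key
    var add = base
    add[kSecValueData as String] = key.withUnsafeBytes { Data(Array($0)) }
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess else { throw KeychainError.status(addStatus) }
    return key
}

/// Seals a session. The file name is bound as associated data (an assumption
/// of this example) so a sealed blob moved to another file fails to open.
func sealSession(_ plaintext: Data, name: String, key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.seal(plaintext, using: key, authenticating: Data(name.utf8))
    return box.combined!  // nonce || ciphertext || tag; non-nil for the default 12-byte nonce
}

func openSession(_ sealed: Data, name: String, key: SymmetricKey) throws -> Data {
    let box = try AES.GCM.SealedBox(combined: sealed)
    return try AES.GCM.open(box, using: key, authenticating: Data(name.utf8))
}

// Constructed sample: round trip, then flip one tag bit and confirm open() rejects it.
let installKey = try loadOrCreateKey()
var sealed = try sealSession(Data("constructed transcript".utf8), name: "s1.session", key: installKey)
let opened = try openSession(sealed, name: "s1.session", key: installKey)
print(String(decoding: opened, as: UTF8.self))
sealed[sealed.endIndex - 1] ^= 0x01
do { _ = try openSession(sealed, name: "s1.session", key: installKey); print("tamper NOT detected") }
catch { print("tamper detected:", error) }
```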

Local sync control

Session sync is gated by user preference, and proctored sessions force sync off.

syncEnabled(for:)