
Privacy and Safety Model

Jacob Fu edited this page Jun 1, 2026 · 4 revisions


Cotabby is designed so that user data never leaves the device. This page explains what Cotabby accesses, what it doesn't, and the invariants contributors must preserve.

Core Principle: Everything Stays On-Device

Both suggestion engines run in-process:

  • Apple Intelligence uses the on-device FoundationModels framework
  • Open Source runs llama.cpp in-process via CotabbyInference

There are no network calls in the suggestion pipeline. No telemetry, no analytics, no cloud API.

What Cotabby Reads

Via macOS Accessibility APIs (requires Accessibility permission):

  • Text value of the focused field (preceding text, trailing text)
  • Selection range and caret position
  • Application name and bundle identifier
  • Field role/subrole for capability checks (e.g., is it a text field? is it secure?)

Cotabby refuses to operate on secure fields - the isSecure flag from the AX tree gates this in FocusSnapshotResolver.

What's Optional

These require explicit user opt-in:

Feature              | Permission                | Gate                               | Sanitizer
---------------------|---------------------------|------------------------------------|----------------------------------------
Clipboard context    | None (reads pasteboard)   | isClipboardContextEnabled setting  | PromptContextSanitizer
Visual context (OCR) | Screen Recording          | Screen Recording system permission | OCRTextHygiene + PromptContextSanitizer

Both are off by default until the user enables them.

Visual context never leaves the device or passes through a model: the screenshot is OCR'd on-device, then the recognized text is cleaned by OCRTextHygiene (pure heuristics that drop low-confidence, symbol-noise, and field-echo lines) and sanitized before being folded into the prompt as context. There is no model-summarization step.
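As an added illustration (not Cotabby's own code; the real OCRTextHygiene is Swift), the three heuristics the paragraph names, applied to a constructed set of OCR lines. The confidence threshold, the symbol-ratio threshold and the exact field-echo rule are assumptions, not the project's values:

```python
from dataclasses import dataclass

@dataclass
class OCRLine:
    text: str
    confidence: float  # 0.0..1.0, per-line confidence as a recognizer would report it

MIN_CONFIDENCE = 0.6    # assumed threshold: lines recognized below this are dropped
MIN_ALNUM_RATIO = 0.5   # assumed threshold: fewer alphanumerics than this is symbol noise
MIN_ECHO_LENGTH = 6     # assumed: shorter fragments are too ambiguous to call an echo

def is_symbol_noise(text: str) -> bool:
    """Drop lines that are mostly punctuation, box-drawing or stray glyphs (UI chrome, rulers)."""
    stripped = text.strip()
    if not stripped:
        return True
    alnum = sum(ch.isalnum() for ch in stripped)
    return alnum / len(stripped) < MIN_ALNUM_RATIO

def is_field_echo(text: str, field_text: str) -> bool:
    """Drop lines that merely repeat what is already in the focused field, so the
    model does not see the user's own text twice via the screenshot."""
    line = " ".join(text.split()).casefold()
    field = " ".join(field_text.split()).casefold()
    if not field or not line:
        return False
    return line == field or (len(line) >= MIN_ECHO_LENGTH and line in field)

def clean_ocr_lines(lines, field_text: str, min_confidence: float = MIN_CONFIDENCE) -> list:
    """Pure filtering, no model involved: returns the lines worth folding into the prompt."""
    kept = []
    for line in lines:
        if line.confidence < min_confidence:
            continue
        if is_symbol_noise(line.text):
            continue
        if is_field_echo(line.text, field_text):
            continue
        kept.append(line.text.strip())
    return kept

# Constructed sample: what the focused field holds, and what OCR of the screen returned.
SAMPLE_FIELD_TEXT = "Thanks for the update, I will review the"
SAMPLE_OCR = [
    OCRLine("Re: Q3 budget review", 0.93),
    OCRLine("Thanks for the update, I will review the", 0.97),  # echoes the field
    OCRLine("|||| --- ~~ ^^^ ||", 0.81),                        # symbol noise
    OCRLine("Sent by Alex on Monday", 0.45),                    # low confidence
    OCRLine("Attached: budget-q3.xlsx", 0.88),
]

if __name__ == "__main__":
    print(clean_ocr_lines(SAMPLE_OCR, SAMPLE_FIELD_TEXT))
```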

What Cotabby Never Does

  • Never transmits data off-device. No network calls in the suggestion pipeline.
  • Never persists prompt content to disk. Model input/output and field text exist only in memory during generation.
  • Never logs user content in production. Debug logging is gated behind the -cotabby-debug launch argument and CotabbyDebugOptions.isEnabled. The gate's doc comment explicitly warns about sensitivity.
  • Never operates in terminals. Automatic blocklist in TerminalAppDetector.

Invariants for Contributors

When adding features, follow these rules:

  1. New context sources must be opt-in. Add a setting toggle and gate the collection behind it. Route through PromptContextSanitizer before injecting into prompts.

  2. No network calls in the suggestion pipeline. If a future feature needs network access, it must be a separate, opt-in subsystem - not wired into the generation path.

  3. Debug logging of user content must be gated. Use CotabbyDebugOptions.log(_:) or check CotabbyDebugOptions.isEnabled before printing anything that could contain user text.

  4. New app/field exclusions go in the evaluator. Use SuggestionAvailabilityEvaluator or TerminalAppDetector for blocklist rules - don't scatter checks through coordinator logic.