Security

How ClippyAI handles your screen, your data, and your trust

How ClippyAI reads screen context

ClippyAI is accessibility-tree first. For nearly every task, ClippyAI reads your screen as structured text via the Windows accessibility framework — the same API used by screen readers like Narrator and JAWS.

What that means in practice:

  • ClippyAI sees: button names, label text, control roles (button, list, edit field), bounding-box coordinates, and visible text content.
  • ClippyAI does not see: pixels, raw fonts, drawing primitives, hidden controls, password-field contents, or anything outside the active window's UI tree.
  • The accessibility tree is read on-demand for the current request, never continuously, never cached server-side.

What leaves your device

Each AI request to ClippyAI's backend includes:

  • Your prompt (what you typed or said)
  • The active window's title
  • The relevant accessibility-tree fragment (visible labels, text, control roles, coordinates) for the task

What is never transmitted under any circumstance:

  • Browser history, bookmarks, saved passwords, or autofill data
  • Microphone or webcam input
  • Files or folders unless you explicitly ask Clippy to read one (e.g. "summarize C:\notes.txt")
  • Keystrokes you type outside ClippyAI's chat bubble
  • Screenshots, except as described below

Screenshot fallback behaviour

When the accessibility tree cannot describe what's on screen — for example, a drawing on a Paint canvas, a raster image inside a chat app, or a custom-rendered game UI — ClippyAI may capture a single screenshot of the visible desktop and forward it to the AI provider for that one request only.

  • Screenshots are never stored on our servers.
  • Screenshots are never used to train any AI model.
  • Screenshots are only sent when the task genuinely requires visual understanding.
  • You can disable screenshot capture entirely in ClippyAI's Settings. ClippyAI will then refuse tasks it can't complete from accessibility text alone, rather than capturing the screen.

Confirmation gates for sensitive actions

ClippyAI always pauses and asks for confirmation before:

  • Sending an email, message, or chat reply
  • Deleting a file, folder, calendar entry, or other record
  • Making a purchase or submitting any payment form
  • Posting to public surfaces (forums, social, comments, GitHub issues)
  • Granting permissions or accepting agreements
  • Any irreversible system change

The confirmation prompt names the specific action ("Send this email to bob@example.com?") so you can verify before approving. ClippyAI will not proceed without an explicit "yes".

Data retention

  • Account info (email, license key, plan, billing IDs): kept for the life of your subscription, plus 90 days after cancellation for billing/tax records.
  • Chat messages & screen context: processed in real time and discarded immediately. We do not log conversations.
  • Token usage counts: reset every billing cycle.
  • Diagnostic logs (only when you submit a "Report Issue"): retained 30 days, then auto-deleted.
  • Crash dumps: stored locally in %APPDATA%\ClippyAI\Crashpad on your machine; never auto-uploaded.

AI providers

ClippyAI routes inference requests through a single approved third-party model provider:

  • OpenAI — the AI model provider behind every Clippy response

OpenAI contractually excludes your data from training via their API Zero Data Retention policy. ClippyAI's backend authenticates each request with your license key and enforces your plan's monthly token quota server-side.

Provider list is maintained in the Privacy Policy; material changes are emailed to active subscribers at least 7 days in advance.

Build signing & verification

Every ClippyAI installer and every .exe shipped inside it is code-signed via Azure Trusted Signing, Microsoft's managed signing service. Signatures are RFC 3161 timestamped so they remain valid after the certificate's natural rotation.

Verification details:

  • Publisher (certificate subject): Amro Dabbas
  • Signing service: Azure Trusted Signing (cert profile clippyai-cert)
  • Hash algorithm: SHA-256
  • Verifying on Windows: right-click any ClippyAI .exePropertiesDigital Signatures. Check signer name and "valid" status on the certificate chain.

Distribution paths:

  • New installs: https://download.clippyai.app/ClippyAI-Setup-latest.exe (Cloudflare R2)
  • Auto-updates: served from download.clippyai.app (Cloudflare R2) — verified by electron-updater against a signed latest.yml + per-file blockmaps before installing.

If you are ever offered a ClippyAI installer from any other source, do not run it. Only the path above is official.

Reporting a vulnerability

Found a security issue? Please email hello@clippyai.app with the word SECURITY in the subject line.

We commit to:

  • Acknowledging your report within one business day.
  • Providing an initial assessment within five business days.
  • Crediting you publicly (with permission) once a fix has shipped.

Please give us reasonable time to investigate and patch before publicly disclosing. We do not currently run a paid bug bounty, but we deeply appreciate responsible disclosure and will work with you on coordinated release.

Out-of-scope

The following are not eligible for security reports — they are usability or feature requests, not vulnerabilities:

  • Self-XSS or social-engineering of yourself
  • Issues requiring physical or local-Windows-admin access to the user's machine
  • Reports against deprecated endpoints (e.g. GET /portal?key=...) we already plan to retire
  • Missing security headers without an exploit demonstration

Contact

Security disclosures: hello@clippyai.app (subject: SECURITY)

General questions: hello@clippyai.app