Real-time security score
Live security score — updated every 30 seconds
This score is calculated from 13 independent checks run against the live server right now. It is not a static badge. It is not a claim. It is a live measurement. If something breaks, the score drops — and you can see it.
Exactly where your data goes
Every type of input you provide — your voice, your screen, your camera, your text — follows a specific path. Here is that path, in plain language, with no omissions.
| Input Type | Where It Goes | Stored by Us? | Who Else Sees It |
|---|---|---|---|
| Your voice | Sent to your chosen AI provider's API (OpenAI, Anthropic, or Google) for processing | Never | Your AI provider only. Their privacy policy applies. |
| Your screen | Captured in your browser, sent as an image frame to your AI provider's API | Never | Your AI provider only. Frame is discarded after the API call. |
| Your camera | Captured in your browser, sent as an image frame to your AI provider's API | Never | Your AI provider only. Frame is discarded after the API call. |
| Your text input | Sent to your chosen AI provider's API | Never | Your AI provider only. |
| Your email address | Stored in our database for account authentication only | Yes — account only | No third parties. Used only for login and security alerts. |
| Your API keys | Stored encrypted in your browser's local storage. Never sent to our server. | Never on server | Nobody. They stay in your browser only. |
| Your payment info | Processed entirely by Stripe. We never see your card number. | Never | Stripe only. Stripe's security |
| Session metadata | Anonymized session counts (no content) stored for uptime monitoring | Anonymized only | Nobody. Used only for dashboard stats. |
Can anyone see my screen?
No. The SightCoach™ team cannot see your screen. Here is the technical reason, not just the claim:
When you share your screen in SightCoach™, the screen capture happens using your browser's built-in getDisplayMedia() API. This runs entirely on your device. The browser captures a frame and sends it directly to the AI provider's API endpoint — not to our server first.
Our server acts as a proxy for the API call — it passes the request through and returns the response. The server code does not log, store, or inspect the image content. The frame is never written to disk on our server.
You can verify this independently: the screen capture code is standard browser API behaviour documented at MDN Web Docs. The data path goes: your browser → AI provider API → response back to your browser.
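The independent check mentioned above can be done from the browser's network panel: record a screen-sharing session, export it as a HAR file, and list every request whose body carries image data together with the host that received it. The following is an added example, not SightCoach™ code; the provider hostnames are those providers' public API hosts, `app.sightcoach.example` is a placeholder, and the sample HAR is constructed.

```javascript
// Public API hosts of the three providers the page names.
const PROVIDER_HOSTS = new Set([
  "api.openai.com",
  "api.anthropic.com",
  "generativelanguage.googleapis.com",
]);

// Heuristic markers: a data URL, or the base64 form of JPEG / PNG magic bytes.
const IMAGE_MARKERS = ["data:image/", "/9j/", "iVBORw0KGgo"];

function carriesImage(request) {
  const post = request.postData; // HAR 1.2: present only when a body was sent
  if (!post) return false;
  if ((post.mimeType || "").toLowerCase().startsWith("image/")) return true;
  const text = post.text || "";
  return IMAGE_MARKERS.some((marker) => text.includes(marker));
}

// One record per image-bearing request; `direct` is true only when the
// receiving host is one of the AI provider API hosts.
function auditHar(har, providerHosts = PROVIDER_HOSTS) {
  const findings = [];
  for (const entry of har.log.entries) {
    const req = entry.request;
    if (!carriesImage(req)) continue;
    let host;
    try {
      host = new URL(req.url).hostname.toLowerCase();
    } catch {
      host = "(unparseable)";
    }
    findings.push({ method: req.method, host, bytes: req.bodySize,
                    direct: providerHosts.has(host) });
  }
  return findings;
}

// Constructed sample: one frame sent to a provider, one to a first-party host.
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "POST", url: "https://api.openai.com/v1/chat/completions",
      bodySize: 48211, postData: { mimeType: "application/json",
      text: '{"image_url":{"url":"data:image/jpeg;base64,/9j/4AAQ"}}' } } },
  { request: { method: "POST", url: "https://app.sightcoach.example/api/proxy",
      bodySize: 48390, postData: { mimeType: "application/json",
      text: '{"frame":"iVBORw0KGgoAAAANSUhEUg"}' } } },
  { request: { method: "GET", url: "https://app.sightcoach.example/dashboard",
      bodySize: 0 } },
] } };

console.table(auditHar(SAMPLE_HAR));
```

Any row with `direct: false` is a frame that reached a host other than the AI provider's API. Frames sent over a WebSocket do not appear in `postData` and need a separate check.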
What we cannot protect you from
Every security system has limits. We believe you deserve to know ours. A platform that claims to protect you from everything is lying. Here is what SightCoach™ cannot control:
VERA — Verification & Explanation of Real Architecture
VERA is an AI embedded in our security dashboard. Her job is to answer hard questions about this platform honestly — including questions we haven't anticipated. She is briefed on the full technical architecture and instructed to disclose limitations, not hide them.
Ask her anything: "What gets stored when I use SightCoach™?" — "What could go wrong with screen sharing?" — "What are the weakest points in this system?" — She will give you a technical, honest answer.
Found a security issue? Tell us.
We invite security researchers, developers, and users to report vulnerabilities. If you find something, we want to know — and we will acknowledge your contribution publicly if you wish.
We commit to: acknowledging your report within 48 hours, keeping you informed of our progress, not taking legal action against good-faith researchers, and crediting you publicly if you choose.