Security
How CoPilot Interview handles your audio, transcripts, AI prompts, and license data. The short version: audio is local, transcripts are local, only the question text leaves your machine, and we never store interview content on our servers.
Data flow during a live session
Every session follows the same pipeline:
- Audio capture (local). The desktop app reads your microphone via the OS audio API. Audio bytes never leave your machine.
- Transcription (local). A bundled Whisper-class speech-to-text model converts audio to text on your CPU/GPU. The transcribed text stays in the app's memory.
- AI prompt (encrypted to provider). Only the transcribed question, your stored resume context (if uploaded), and a small system prompt are sent over HTTPS to the AI provider you selected at session start (OpenAI, Anthropic Claude, Google Gemini, Groq, or xAI).
- AI response (encrypted from provider). The AI provider returns the answer over the same encrypted connection. The answer renders in the desktop app overlay.
- End of session. The transcript and AI response are kept in app memory until you close the session. Optional: you can save a session summary locally to your machine.
What we never do
- Never upload your interview audio to our servers. Audio capture and transcription are 100% local.
- Never store the transcribed text of your interview questions on our servers. The text passes through us only as part of the AI provider request.
- Never store the AI provider's responses on our servers. They render directly in the desktop app.
- Never sell or share your data with advertisers, recruiters, employers, or other third parties.
- Never use your interview content to train AI models. We do not train models. We use third-party AI providers; their training policies are separately negotiated and respected.
- Be aware: The AI provider you choose (OpenAI, Anthropic, etc.) sees the transcribed text of the interview questions you send. Their data-retention and training policies apply. Most provider APIs default to no-retention, but check each provider for current terms.
What we do store
- Account email. Used for login and license-key delivery. Stored encrypted at rest in Supabase.
- License key. One per paid plan. Tied to your email. Stored encrypted at rest.
- Subscription status. Provided by Stripe. We store the tier and billing period; we do not store credit card numbers (Stripe handles those).
- Session counters. Daily/monthly counts of how many sessions you've used (so we can enforce plan limits). We do NOT store the content of those sessions.
- Anonymous error logs. If the desktop app crashes, an anonymized error report (no audio, no transcripts, no PII) is sent to help us debug.
Encryption and transport
- HTTPS/TLS 1.2+ for all API requests from the desktop app and the website.
- Strict-Transport-Security with HSTS preload on copilotinterview.com.
- API keys for AI providers are stored encrypted in the desktop app's local credentials store (OS keychain on macOS, DPAPI on Windows).
- Cloudflare in front of the website with WAF rules and DDoS protection.
Ghost Mode / screen-share safety
The desktop app's main window is rendered via the OS native window manager, not in a browser tab. This means:
- Browser-based screen sharing on Zoom, Teams, and Google Meet only captures the browser tab being shared. The CoPilot Interview window is not in that tab and therefore not in the share.
- Full-display screen sharing WILL show all windows including ours. Users who do full-display sharing can lower CoPilot Interview's opacity to make it visually unobtrusive, or move it to a secondary monitor.
- Most candidates use tab/window sharing rather than full-display, by interviewer convention.
This is a UX feature, not a defeat-the-interviewer guarantee. The screen-share-safety claim covers the common case of standard-window sharing; users are responsible for understanding their own interview-platform settings.
Reporting a vulnerability
If you find a security issue in the desktop app, the website, or the API:
- Email [email protected] with subject "Security: ..."
- Or use the contact in our /.well-known/security.txt (RFC 9116).
- Please give us 30 days to investigate and patch before public disclosure. We respond to all reports within 1 business day.
We don't currently have a paid bug bounty program. We do publicly credit researchers who report valid issues (with permission), and we'll send swag.
Questions?
For privacy-policy, data-handling, or enterprise data-residency questions, email [email protected].