Legal
Security
Darvy reads your screen and types on your behalf. That's a lot of trust to ask for. Here's what we do with it.
Status
Coming soon. A full security overview, including our third-party data flow diagrams, will be published here and in the project's legal/ directory on GitHub.
What stays on your machine
- Your account passwords and login cookies for Google, Microsoft, etc.
- Documents, emails, and files Darvy reads to answer your question.
- Conversation history (if you enable history — off by default).
- Your license key (stored in your OS keychain).
What leaves your machine
- Microphone audio goes to a speech-to-text provider for transcription. Audio is not retained by that provider after transcription.
- Transcribed text and tool descriptions go to a large-language-model provider to decide what action to take. We do not opt in to provider-side training.
- Reply text goes to a text-to-speech provider to generate the voice you hear.
- Crash diagnostics (anonymous) go to our error reporting service if Darvy crashes.
Payment data
Card details go directly from your browser to Polar, our PCI-compliant payment processor. We never see them. We see only your email address and a Polar customer ID.
Responsible disclosure
If you find a security vulnerability — in this website, the desktop app, or our license server — please report it to support@darvy.ai with "Security" in the subject. We'll acknowledge within 48 hours and work with you on a coordinated disclosure timeline. We don't have a paid bug bounty programme yet but we'll publicly credit you (with permission) once a fix ships.
More detail
For deeper technical detail — data flow diagrams, subprocessor list, retention windows — see email support. A canonical version will be committed to legal/security.md.
Last updated: 2026-05-18.