Radical Transparency

We have nothing to hide.
So we show you everything.

Most companies give you a privacy policy written by lawyers. We give you live data, independent verification, and an AI you can interrogate with hard questions. Here is everything you need to know.

Live Verification

Real-time security score


Live security score — updated every 30 seconds

This score is calculated from 13 independent checks run against the live server right now. It is not a static badge. It is not a claim. It is a live measurement. If something breaks, the score drops — and you can see it.

Data Transparency

Exactly where your data goes

Every type of input you provide — your voice, your screen, your camera, your text — follows a specific path. Here is that path, in plain language, with no omissions.

| Input Type | Where It Goes | Stored by Us? | Who Else Sees It |
|---|---|---|---|
| Your voice | Sent to your chosen AI provider's API (OpenAI, Anthropic, or Google) for processing | Never | Your AI provider only. Their privacy policy applies. |
| Your screen | Captured in your browser, sent as an image frame to your AI provider's API | Never | Your AI provider only. Frame is discarded after the API call. |
| Your camera | Captured in your browser, sent as an image frame to your AI provider's API | Never | Your AI provider only. Frame is discarded after the API call. |
| Your text input | Sent to your chosen AI provider's API | Never | Your AI provider only. |
| Your email address | Stored in our database for account authentication only | Yes — account only | No third parties. Used only for login and security alerts. |
| Your API keys | Stored encrypted in your browser's local storage. Never sent to our server. | Never on server | Nobody. They stay in your browser only. |
| Your payment info | Processed entirely by Stripe. We never see your card number. | Never | Stripe only. Stripe's security |
| Session metadata | Anonymized session counts (no content) stored for uptime monitoring | Anonymized only | Nobody. Used only for dashboard stats. |

Screen Share Privacy

Can anyone see my screen?

No. The SightCoach™ team cannot see your screen. Here is the technical reason, not just the claim:

When you share your screen in SightCoach™, the screen capture happens using your browser's built-in getDisplayMedia() API. This runs entirely on your device. The browser captures a frame and sends it directly to the AI provider's API endpoint — not to our server first.

Our server acts as a proxy for the API call — it passes the request through and returns the response. The server code does not log, store, or inspect the image content. The frame is never written to disk on our server.

You can verify this independently: the screen capture code is standard browser API behaviour documented at MDN Web Docs. The data path goes: your browser → AI provider API → response back to your browser.
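One way to run that independent check, as an added example that is not SightCoach™ code: export a HAR file from the browser's DevTools Network tab during a screen-share session and total, per host, the upload bytes and key-bearing headers each one received. The provider hostnames, the header names, the 10 KiB threshold and the sample entries (including `proxy.example`) are assumptions constructed for illustration.

```javascript
// Added example: audit a HAR export (DevTools > Network > "Save all as HAR")
// to see which hosts received uploads and credentials during a session.

// Assumption: public API hosts of the three providers named on the page.
const PROVIDER_HOSTS = new Set([
  "api.openai.com",
  "api.anthropic.com",
  "generativelanguage.googleapis.com",
]);
// Assumption: header names that commonly carry provider API keys.
const KEY_HEADERS = new Set(["authorization", "x-api-key", "x-goog-api-key"]);
const LARGE_BODY = 10 * 1024; // bytes; assumed floor for an image-frame upload

function auditHar(har) {
  const byHost = new Map();
  for (const entry of har.log.entries) {
    const req = entry.request;
    const host = new URL(req.url).hostname;
    const row = byHost.get(host) ||
      { host, provider: PROVIDER_HOSTS.has(host), requests: 0, uploadBytes: 0, sawKeyHeader: false };
    row.requests += 1;
    // HAR records -1 when the body size is unknown; fall back to the body text.
    const size = req.bodySize > 0 ? req.bodySize
      : (req.postData && req.postData.text ? req.postData.text.length : 0);
    row.uploadBytes += size;
    if (req.headers.some(h => KEY_HEADERS.has(h.name.toLowerCase()))) row.sawKeyHeader = true;
    byHost.set(host, row);
  }
  const rows = [...byHost.values()];
  // A non-provider host that received a frame-sized body or a key header
  // does not match the stated data path and deserves a closer look.
  const findings = rows.filter(r => !r.provider && (r.uploadBytes >= LARGE_BODY || r.sawKeyHeader));
  return { rows, findings };
}

// Constructed sample, not a capture from the real site.
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "POST", url: "https://api.openai.com/v1/chat/completions",
      bodySize: 182344, headers: [{ name: "Authorization", value: "Bearer <redacted>" }] } },
  { request: { method: "GET", url: "https://sightcoach.ai/security_dashboard",
      bodySize: 0, headers: [] } },
  { request: { method: "POST", url: "https://proxy.example/relay", bodySize: -1,
      postData: { text: "x".repeat(20000) }, headers: [{ name: "x-api-key", value: "<redacted>" }] } },
]}};

console.log(auditHar(SAMPLE_HAR).findings);
```

A first-party session token sent in an `Authorization` header is also flagged, so inspect the header value before concluding that an API key left the browser.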

Honest Disclosure

What we cannot protect you from

Every security system has limits. We believe you deserve to know ours. A platform that claims to protect you from everything is lying. Here is what SightCoach™ cannot control:

Third-party AI provider data practices
When your data reaches OpenAI, Anthropic, or Google, their privacy policies apply — not ours. We cannot control what they do with it. Review their policies before use.
Your own device security
If your device is compromised by malware, a keylogger, or a bad actor with physical access, no web application can protect you. Device security is your responsibility.
Your internet connection
Data in transit is encrypted with TLS, but we cannot control the security of your local network or ISP. Use a trusted network for sensitive sessions.
Shared hosting infrastructure
SightCoach™ runs on Bluehost shared hosting. We do not have dedicated server infrastructure. This is appropriate for our current scale and is disclosed honestly.
SSL certificate configuration
Our SSL certificate is issued under a shared hosting account. The certificate is valid and trusted by all major browsers, but the certificate details reflect the hosting account structure.
Zero-day vulnerabilities
No system is immune to unknown vulnerabilities. We run regular security checks and respond to responsible disclosure reports. We cannot guarantee against threats that don't exist yet.

Ask Hard Questions

VERA — Verification & Explanation of Real Architecture

VERA is an AI embedded in our security dashboard. Her job is to answer hard questions about this platform honestly — including questions we haven't anticipated. She is briefed on the full technical architecture and instructed to disclose limitations, not hide them.

Ask her anything: "What gets stored when I use SightCoach™?" — "What could go wrong with screen sharing?" — "What are the weakest points in this system?" — She will give you a technical, honest answer.

Responsible Disclosure

Found a security issue? Tell us.

We invite security researchers, developers, and users to report vulnerabilities. If you find something, we want to know — and we will acknowledge your contribution publicly if you wish.

We commit to: acknowledging your report within 48 hours, keeping you informed of our progress, not taking legal action against good-faith researchers, and crediting you publicly if you choose.

"This is a really strong transparency move. The 'We have nothing to hide. So we show you everything.' framing is effective. It positions SightCoach™ as one of the more privacy-conscious AI interfaces out there — especially for users concerned about multimodal inputs (voice, camera, screen). Most Big Tech privacy pages are far less transparent." — SuperGrok AI, independent review of sightcoach.ai/security_dashboard · April 2026