Kanab

Privacy

Your audio, transcripts, and memory live on your laptop.

Kanab is built so the data never has to leave the device. This page describes — in plain language and in technical detail — exactly where your data lives, what we collect, and what we don’t.

Last updated · May 3, 2026

01

What stays on the device

Audio recordings, transcripts, embeddings, and the full memory graph live in a SQLite database on disk, at ~/Library/Application Support/kanab/. You can open it with any tool you like, copy it, encrypt it, or delete it. We do not have a copy.

Transcription, embedding, and search all run locally. Models are downloaded once during onboarding and execute on Apple Silicon (Core ML) and Intel (ONNX Runtime) on your machine.

02

What we never capture

  • We don’t capture your screen.
  • We don’t log your keystrokes.
  • We don’t read window titles or document content.
  • We don’t upload audio or transcripts.
  • We don’t train any model on your data.

03

The one network call we make

By default, the app makes a single outbound HTTPS call: once a day, to license.kanab.dev, to verify your license is active. The request body is a hashed license key. No identifiers, no telemetry payload, no transcript content. You can inspect the call in your firewall or block it — the app continues to work offline within the grace window.

04

Telemetry, off by default

Telemetry is opt-in during onboarding. If you turn it on, Kanab reports anonymous app launches and error counts. The event schema is a closed enum in the source — there is no field where transcript content could leak in, by construction. You can turn it off any time.

05

The MCP server

When you opt in, your editor can read the local memory over MCP at 127.0.0.1 behind a per-install token. The server is read-only by default, never binds to a public interface, and rejects connections without the token. The token lives at ~/Library/Application Support/kanab/mcp-token with mode 0600.

06

Updates

Updates are signed and delivered from updates.kanab.dev. Auto-update can be turned off in settings. The update check sends only a version number. No device identifier, no usage data.

07

Pro and Team plans

On the Pro plan, encrypted cloud recording is opt-in per meeting. Audio is encrypted on your device with a key only you hold and stored at rest in our object store. We cannot read it. On Team, end-to-end encrypted sync uses the same model: per-team keys, never on our servers.

08

Questions or concerns

Email hi@kanab.dev. Vulnerability reports go to the same address — we read every message and respond within 72 hours.