The short version

• Your screen pixels never leave your computer. The AI model that detects content runs entirely on your CPU/GPU. We literally cannot see your screen.
• We store the minimum to make payments and logins work: your email address, an encrypted password hash, and your subscription status.
• No analytics, no telemetry, no third-party trackers are included in the desktop app. The website uses no cookies beyond what your browser keeps for a normal HTTPS visit.
• You can delete your account and all associated data in one click from Settings → Session → Delete account inside the app.

What runs on your device only

The detector loop captures your screen three times per second, runs an on-device neural network (a quantised NudeNet model that ships inside the app bundle), and paints blur overlays on top of any content that matches the triggers you selected. Every part of this happens locally:

• Screen captures are stored in RAM only and discarded after each frame.
• The detection model is loaded from inside the .app bundle — no model download, no model update calls.
• No frame, no detection result, no inference latency, no error trace is ever transmitted anywhere.
• Anti-Glaze does not contain any analytics SDKs, crash reporters, or background telemetry.

You can verify this by running Anti-Glaze offline — protection works identically without an internet connection. The only network calls the app ever makes are the account / payment calls listed below.

What we store, and where

We use two third-party services. Both are scoped strictly to the function listed below; neither has access to your screen data.

Supabase — accounts

Supabase hosts our authentication database (PostgreSQL + their Auth service). When you sign up we store:

• Your email address.
• An encrypted hash of your password (Argon2id; we never see your plaintext password).
• Account creation and last-sign-in timestamps.
• Your plan status (active / inactive) and the Whop membership ID it's linked to.
• Whether you've ever started the 5-minute trial, and when.

That's the entire row in our profiles table. Supabase's privacy policy is at supabase.com/privacy.

Whop — payments

Payments and subscription management run through Whop.com. When you upgrade, Whop handles your card details directly — we never see, store, or transmit card numbers. Whop sends us a webhook with your subscription status, which we mirror into your Supabase profile. We can see:

• Your Whop membership ID.
• Whether the membership is active or cancelled, and when each event happened.
• Which plan (monthly or annual) you're on.

Whop's privacy policy is at whop.com/privacy.

What we don't store

• Any screen capture, detection event, or inference output — not even an aggregate count.
• Your card number, expiry, or CVC (Whop holds those, not us).
• Your name, IP address, device identifier, or location.
• Your browsing history, app usage patterns, or feature-level analytics.
• Any keystroke data — the global hotkey listener only reacts to the configured combos and discards everything else.

Your rights

You can change your email or password from Settings → Account inside the app.

You can cancel your subscription from Settings → Subscription. Cancellation is end-of-period — your access stays active until the date you've already paid for, then turns off automatically.

You can delete your account and every associated record from Settings → Session → Delete account. This cancels your Whop subscription, then irreversibly removes your Supabase profile row and authentication record. After deletion we keep nothing.

If you can't reach the in-app controls (locked out, app broken, anything) email us directly and we'll handle it manually.

Permissions Anti-Glaze asks for

• Screen Recording (macOS) — required for the detector to see what's on your screen. Without it the app cannot function. Captures stay in RAM.
• Accessibility (macOS) — required so the global hotkeys (toggle, pause, place manual blur, remove blur, clear manual blurs) fire while you're using other applications. The accessibility permission is used only to listen for those specific key combinations.
• Open at login — opt-in on first launch. Installs a per-user LaunchAgent that opens Anti-Glaze when you log in. Disable it any time in Settings → General → Open at login.

Contact

Questions, deletion requests, or anything else: hello@anti-glaze.app.

Changes to this policy

If the data we collect or how we handle it changes, this page is updated and the "Last updated" date at the top changes with it. Material changes get an in-app notice on your next launch.