
Security

Last updated 2026-05-18. This page describes how Owlka keeps your work private: what lives on your desktop, what crosses the encrypted relay, and what we honestly cannot do.

The shape of the product

Owlka is a Mac desktop app and an iPhone app. The desktop app does the real work; the iPhone app is the front seat. The two talk to each other through an encrypted relay that we operate but cannot read.

Your code stays on your desktop
The Owlka desktop app launches the Claude tools under your own Anthropic subscription. Your files, your terminal, and your project memory all live on your desktop. We never copy them to a server.
Your conversation is end-to-end between phone and desktop
Every message and every reply is sealed on your phone or your desktop before it leaves the device. Only your paired devices hold the keys. The relay just shuttles sealed packets back and forth.
Pairing happens face to face
The first time you pair a phone with your desktop, you scan a one-time QR code from the desktop app. That exchange is what hands the keys over. Nothing in the keys ever crosses our servers in the clear.
We hold no master key
If you lose your desktop and all your paired phones, we cannot recover your conversation history. There is no Owlka-side decryption key by design.

End-to-end encryption, in detail

Owlka uses well-known, open, public-key authenticated encryption primitives. The exact algorithms are listed below.

Library
TweetNaCl, an open-source implementation of the NaCl cryptography library. The desktop and iPhone apps use the standard public-key authenticated encryption primitive (crypto_box) for every sealed packet.
Key exchange
Curve25519 elliptic-curve Diffie-Hellman. Each phone-and-desktop pair derives a shared secret without that secret ever travelling over the wire.
Bulk encryption
XSalsa20 stream cipher with a 192-bit random nonce per packet. Nonces are never reused for a given key pair.
Integrity
Poly1305 message authentication code. A tampered packet is rejected on the receiving device; the relay has no way to forge a packet that would be accepted.
Per-pair keypairs
Every phone-and-desktop pair generates its own keypair. Tim's phone paired with his home Mac has a different keypair from Tim's phone paired with his work laptop, and a different keypair again from his wife's phone paired with the same home Mac. Revoking one pair does not affect any other pair.

The content-blind relay, in plain English

The relay is the only piece of Owlka infrastructure your devices talk to. Here is exactly what it does and does not do.

What it sees
Sealed packets, the IP addresses of the connecting phone and desktop, and the timing of each packet. It cannot open the packets.
What it does
Queues sealed packets so a phone that drops off Wi-Fi can pick up where it left off when it comes back. A packet typically waits in the queue for minutes, not longer.
What it does not do
It does not store conversation history. It does not log packet contents. It does not have a key that would let it.
Where it runs
On a small server we operate, fronted by Cloudflare for DDoS protection and TLS. The server stores no decryption key.

Speech stays on the device

When you dictate to Owlka, the audio never leaves your phone.

On-device transcription
Owlka uses Apple's on-device Speech framework. Your phone transcribes your voice locally and produces text. The audio recording is never sent to Apple, to Owlka, or to anyone else.
Only the text travels
Once the transcript exists on your phone, it is sealed with your pair's keypair and sent to your desktop, exactly like a typed message. We see the same sealed bytes we would see for typed input.
Permission
iOS prompts you the first time you tap the microphone button. You can revoke microphone access at any time in Settings, Privacy and Security, Microphone.

The desktop download

The Mac app is signed and notarised by Apple before it ever reaches you. Your Mac checks the signature on first launch and refuses to run a tampered build.

Mac code signing
The .dmg you download is signed with our Apple Developer certificate and notarised by Apple. macOS Gatekeeper checks both before opening it.
Auto-update (Mac)
Mac updates are downloaded over HTTPS and the Apple signature is checked again before the new build replaces the old one. An update with a broken or missing signature is refused.
What runs locally
The Owlka desktop app, the Claude tools under your own Anthropic subscription, and a small local helper that maintains the encrypted channel to the relay. Nothing else.

The iPhone app

Keys in the Keychain
The keys that pair your phone to a desktop live in the iOS Keychain, protected by the device passcode and Face ID or Touch ID.
Cached messages
The phone caches the messages you have already seen so the UI feels fast. The cache is encrypted at rest by iOS Data Protection.
Removing a phone
Unpairing a phone from the desktop app invalidates that phone's key. After that, sealed packets from the unpaired phone are refused.

Honest disclosures

We would rather lose a sale than mislead you. The items below are limits of the product and the company as they stand today.

We can see metadata, not content
We can see that your phone and your desktop talked, when they talked, and how much data they exchanged. We cannot see what they said. If hiding even that metadata matters to you, an internet-based assistant is the wrong shape.
Anthropic sees what Claude sees
Claude itself runs under your own Anthropic account, on your desktop, talking to Anthropic directly. Whatever you type to Claude reaches Anthropic. Their privacy terms govern that traffic, not ours. Anthropic is not an Owlka sub-processor because the data never passes through us, and Owlka has no partnership with Anthropic.
No SOC 2 or ISO 27001 in Owlka's own name yet
We do not yet hold SOC 2 or ISO 27001 in Owlka's own name. The relay runs on Cloudflare's network (SOC 2 Type II, ISO 27001) and the App Store distribution is Apple's. We will publish our own certification roadmap when we have one.
No model training on your work
Owlka does not train any model. Your code, your prompts, and the work Claude produces for you are not used to train anything by us. Your usage of Claude is governed by your agreement with Anthropic.

Reporting a vulnerability

Contact
If you find a security issue, please email security@owlka.com with details.
Response time
We respond to verified reports within seven days.
Credit
We credit researchers publicly with permission.