🦆
Ducky
Back to Home
Security Architecture

Zero-Knowledge by Design

Your conversations are protected by strong encryption standards with user-controlled keys. We're building toward Signal-level privacy where you control everything.

Our Philosophy

Privacy-First by Design

Everything will always be as zero-knowledge as possible. We follow industry trends as AI security develops, with the goal that everything stays on your computer unless you choose to share it.

Option 1: Industry Standard

AssemblyAI & OpenAI

For now, we give you the option of using AssemblyAI and OpenAI as the easiest, cheapest, and most fully-featured option, but information is going to large companies. This is the most accessible path for users who want immediate, powerful AI capabilities.

Most features available

Option 2: Privacy-First

WhisperX & Qwen

The second option we currently have is sending your conversations to servers with WhisperX and Qwen that don't ever save any of your information past processing it. This provides a middle ground between full privacy and functionality.

No data retention
Everything is as local as it can be for the time being

The hopeful end goal is that everything stays on your computer unless you share it. We're building toward complete local processing as technology advances.

Technical Architecture

Privacy-First Data Flow

See exactly how your data moves through our system and where encryption is applied.

Your Device

Password-based key derivation
Client-side encryption
Recovery phrase generation
AES-256-GCM

Processing

24hr temporary storage
Audio deleted immediately
Awaiting encryption
Pending → Encrypted

Encrypted Database

User-key encrypted
Audio files deleted
Zero-knowledge storage
PBKDF2 100k iterations
Security Features

How We Keep Your Data Safe

Every feature is designed with your privacy as the top priority.

Audio Auto-Delete

Voice recordings are automatically deleted after successful transcription. Can't leak what doesn't exist.

User-Key Encryption

AES-256-GCM encryption with keys derived from your password using PBKDF2 with 100,000 iterations.

Subpoena Resistant

We cannot decrypt data without your active participation. Even under legal pressure, we have no access to your conversations.

24-Word Recovery

Industry-standard recovery phrase system. Your data can be recovered if you forget your password, but only by you.

Explicit AI Consent

AI processing requires your explicit unlock. Your password is held in memory only during processing, then cleared.

Password Verification

Cryptographic verification canary prevents wrong password acceptance. Secure by design, not just by policy.

Ready to experience privacy-first AI?

Start using Ducky with strong privacy protection and user-controlled encryption.

Get Started Free