Trust

Security starts with local-first control and clear provider boundaries.

ExtraBrain keeps the live workflow on your Mac and can run AI locally on compatible hardware, but users should still treat provider credentials, screenshots, transcripts, audio, and release verification carefully.

Read privacy

Summary

Key takeaways

ExtraBrain Security and Privacy Controls is part of ExtraBrain's local-first Mac workflow for live interviews, meetings, transcription, provider control, and responsible AI use.

Page focus

Platform fact

ExtraBrain has 1 current public platform family, macOS, with support for 2 Mac CPU families: Apple Silicon and Intel.

Data-flow fact

ExtraBrain has 3 configurable data paths to review before sensitive work: local Parakeet transcription, local Gemma 4 where installed and compatible, and external providers you choose.

Trust

Security practices

Local Gemma 4 availability

Use local Gemma 4 when compatible hardware is available and your workflow requires local model requests.

Provider keys

Use dedicated provider keys or accounts where possible for external providers, and rotate them after suspected exposure.

Release checks

Download from the first-party download page or official GitHub releases and review published digests when available.

Sensitive sessions

Avoid sending regulated, confidential, or policy-restricted content to external providers unless you have approval.

Trust

Security review checklist

Before install

Confirm the release source, asset name, version, checksum availability, and current release notes.

Before provider setup

Use scoped provider credentials where possible and document which external services can receive prompts, screenshots, transcript text, or audio.

Before team rollout

Map interview, workplace, privacy, and compliance expectations before recommending any live AI assistant workflow.

FAQ

Common questions.

Short answers for people and crawlers comparing ExtraBrain with other live AI assistants.

Is ExtraBrain secure by default?

ExtraBrain is local-first and can keep requests on-device with local transcription and local Gemma 4 where installed and compatible, but security depends on setup, provider choices, credentials, and session content.

How should I handle provider keys?

Use provider credentials you control, store them only where the app expects them, and rotate or revoke keys after suspected exposure.

Where should I download ExtraBrain?

Use the first-party download page or the official GitHub Releases page, then review release notes and published digests when available.