FluentView evidence
Privacy and safety

Know what stays local, what leaves, and what can act.

Fluent separates raw signals, planner context, and Windows actions so each boundary can be inspected.

Read the short answer
Short answer

Is Fluent private and safe?

Fluent keeps raw speech audio on the Windows device for local transcription and does not persist raw gaze samples. It sends the resulting text request and relevant structured context to the hosted planning provider configured by the user. Fluent has cancellation, action visualization, safety classification, and confirmation mechanisms, but its published research record identifies unresolved consequence-approval and product-hardening gaps. It should be treated as preview software, not a finished safety guarantee.

Evidence at a glance

The useful details, side by side.

Fluent input and action data flow based on the current public implementation.
Data or actionCurrent handlingImportant limit
Speech audioCaptured for one command and transcribed locally with whisper.cppThe transcript can contain sensitive spoken content
Text requestSent to the configured hosted planning providerProvider terms, retention, and security still apply
Raw gaze samplesHeld briefly in memory and not included in agent inputCamera processing and local calibration require separate consent
Gaze targetResolved locally to structured semantic metadataName, role, process, bounds, and timing may reach the planner
UI observationsAutomation can inspect Windows accessibility information needed for the taskVisible app content may be sensitive
CredentialsDeveloper preview uses environment configurationProduct-grade setup and credential storage remain release-gate work
ActionsExecuted through bounded Windows automation tools with visible feedbackNot every consequential path is fully hardened yet
Activity and memoryPreview features exist in the appExport, deletion, retention, and diagnostics controls remain release gates
Website analyticsOptional PostHog analytics load only when a project token is configured; session replay is disabledPage, interaction, browser, and device metadata can reach the configured PostHog host

Speech stays local until it becomes text

The Fluent wake listener and command transcription run on the Windows device. A bundled whisper.cpp runtime converts captured command audio into text. No cloud speech API receives the raw audio.

Local transcription does not make the whole task offline. The resulting text request is sent to the hosted planning provider selected by the user. That provider may also receive textual UI context needed to plan the requested action. Users should review the provider's own retention, account, and data-use terms.

Gaze is opt-in context, not activation

Gaze is disabled by default. When enabled, raw samples remain in a short in-memory buffer and are not persisted or included in agent input. WebGazer calibration data may remain in local browser storage.

A stable fixation can be resolved locally to an accessibility element. Structured fields such as accessible name, role, process, bounds, fixation duration, and timestamp may accompany a submitted request. The planner is instructed to treat this target as untrusted context and never as a coordinate-click command.

Visible action does not equal complete safety

Fluent displays action progress, supports cancellation, redacts sensitive action previews, classifies tool risk, and includes confirmation behavior. Those controls are meaningful, but the current product audit found that consequential actions can still bypass the intended approval story through some generic automation paths.

The alpha gate requires all consequential-action fixtures to pause and denial to execute zero times. Until that gate is demonstrated on an installed build, users should avoid sensitive, irreversible, financial, publishing, account, or system-changing tasks.

The release standard is user ownership

The release scorecard requires legible activity, memory, logs, diagnostics, bounded retention, and export and deletion controls before public release. It also requires secure provider setup, signed distribution, update and rollback behavior, and an accurate public privacy contract.

The public website can optionally initialize PostHog when a project token is configured. That setup keeps anonymous visitors out of person profiles and disables session replay, but ordinary page, interaction, browser, and device metadata can still reach the configured PostHog host.

Current developers should keep API keys in an untracked .env file, use the example configuration, avoid sensitive test data, and review generated logs and activity.

Direct answers

Questions people ask before trying Fluent.

Does Fluent upload my microphone recording?
No cloud speech service receives the raw recording. Command audio is transcribed locally. The transcript is then used by the configured hosted planner.
Does Fluent store my raw gaze data?
The documented current contract keeps raw gaze samples in a short in-memory buffer and does not persist or send them to the planner. Local WebGazer calibration data may remain in browser storage.
Can Fluent perform a harmful action by mistake?
Any automation preview carries risk. Fluent has safety and cancellation controls, but this disclosure lists unresolved approval bypasses. Avoid high-consequence tasks until the relevant gates pass.
Where should API keys be stored?
The developer preview uses untracked environment configuration. Never commit keys. Product-grade credential setup and storage are still release requirements.
Check the record

Sources and product disclosures.

  1. Fluent research methodSafety findings, data controls, and release gates.
  2. Voice and gaze control guideRaw gaze, calibration, and semantic target handling.
  3. Windows voice control guideLocal speech transcription and hosted planning disclosure.
Written and maintained byJason Matthew Suhari

Creator of Fluent. Product claims are reviewed against the current implementation and published limits.

GitHub profile
Inspect before you trust

Judge Fluent by the evidence.

Read the method, inspect the limits, and evaluate the current preview against published thresholds.

Read the research method