Desktop app

The desktop binary ships with its own UI (no internet connection required to open it after the first sign-in) and talks to the web API over HTTPS with a short-lived JWT.

Audio capture

• Microphone (interviewer): captured from the system microphone. The app asks for permission the first time you start a recording.
• System audio (candidate): captured via ScreenCaptureKit on macOS and WASAPI loopback on Windows. macOS asks for Screen Recording permission the first time — grant it once in System Settings → Privacy & Security → Screen Recording.
• Linux: microphone only. System-audio capture isn't supported because there's no portable equivalent of ScreenCaptureKit / WASAPI loopback.

What leaves your machine

Audio frames are streamed to our STT proxy (a Cloudflare Worker) over WebSocket; the proxy forwards them to the speech-to-text provider (Deepgram by default, AssemblyAI / RevAI as fallback). Final transcript lines come back the same path and are POSTed to /api/edge/analyze-chunk for AI analysis. Nothing else leaves the machine.

Where things are stored

• Access token (Clerk JWT): encrypted at rest by the OS keychain via tauri-plugin-store. Cleared on sign-out.
• Transcripts and scorecards: in the cloud database, scoped to your organization. The desktop app does not keep a local copy by default.
• Audio: never persisted to disk (live mix → WebSocket → STT, then discarded).

Platform notes

macOS

• Requires macOS 14 Sonoma or newer.
• First launch: Right-click → Open (one-time Gatekeeper prompt) — even though the binary is signed and notarized, the very first launch from outside the App Store benefits from explicit consent.
• The Tauri auto-updater verifies releases with a minisign signature; the public key is baked into the binary.

Windows

• Requires Windows 10 or 11, 64-bit.
• SmartScreen may warn on first launch (we are working on Authenticode signing). Click More info → Run anyway.