Heat Signature aspires to give authors credit for the struggle of writing, not add to it. To that end, we’ve designed the service from the ground up to be anonymous, silent and transparent in its conclusions. The full privacy policy has the nitty gritty, but here are the broad strokes of how we stay out of the way:

We don’t read (or store) your documents

You’re probably tired of hearing this already, but just in case: Heat Signature determines authorship from the rhythm of your keystrokes rather than a statistical analysis of your language. You could be admitting to a bank robbery, and to us it’s just an anonymous signal indicating you probably didn’t use AI to write your confession.

No key listeners (so far)

The trade-off for ignoring your words is that Heat Signature needs to record the timing of your typing during composition. We’re launching on Google Docs because it saves this information already. If we need to collect the data ourselves to support other platforms, it will be with explicit notification.

Text cannot be reconstructed from the metadata

Some rather alarming research has demonstrated that even the audio of a person’s keystrokes captured over a video call is sometimes enough to reconstruct what they were writing. (Reminder: Mute!) This sort of attack depends on exact key-by-key signals. To protect against this risk, the timestamped keystroke data that we analyze is batched into groups of a few keys at a time, making this sort of attack supremely implausible even if our servers were compromised.

Annotated results are only on your machine

When you submit a document, you’ll get it back annotated with Heat Signature’s analysis to keep the model accountable if it came to the wrong conclusion. This can look like our servers read the text, but it is only a reconstruction of the document on your local computer (via the Chrome extension, which is just a small program your machine runs). On our end, the data is only represented by the indices of a long string of characters we never see.

Text verification is all encoded

To confirm that pasted text matches words we’ve never read, we store cryptographic fingerprints of your document (generated by the Chrome extension) that are designed for comparison, not decoding. If someone pastes text into the verification page to see if it matches yours, their browser runs it through the same algorithm to see if the resulting gibberish matches the original.

As always, reach out if you see anything that gives you pause. Or if you just feel like complaining. chris@heatsig.io