S·OTTO
MIC LIVE

    Nothing here yet. Hold the orb (or the space bar) and speak — or just type below.
    Everything stays in this tab until you send a message to your own Claude.

    no server · no account · key stays in this browser model:

    Settings

    Stored only in this browser’s localStorage and sent only to api.anthropic.com — Sotto has no server that could ever see it. Get a key at console.anthropic.com.

    Key at rest (optional lock)

    Locking seals the key with AES-256-GCM under a key derived from your passphrase (PBKDF2-SHA-256, 310,000 it. — the same construction as Chiave, our sign-in reference). localStorage then holds only ciphertext; you unlock once per session, and forgetting the passphrase means re-entering the key. Without a lock, the key sits readable in this browser’s localStorage — any code or person with access to this browser profile can read it.

    Billed to your own Anthropic account at your account’s rates.

    Speech-to-text engine
    Erase everything

    Wipes your API key, all settings, and this session’s conversation from the browser. Nothing else exists to erase — there is no server copy.

    Privacy — who sees what

    Sotto is a static page. There is no Postern server, no account, no telemetry, and no analytics. Your API key and settings live in this browser’s localStorage; the conversation lives in this tab’s memory and is gone when you close it. The honest ledger:

    Your words → Anthropic (when you send a message)

    Each turn, the conversation text is sent from your browser directly to api.anthropic.com, authenticated with your key — no middleman relays or logs it. Anthropic processes it under your agreement with them (their usage and data-retention terms apply). If you never send a message, nothing is ever transmitted.

    Your voice → your browser’s vendor (only while you hold to talk)

    Voice input uses the browser’s Web Speech API. In Chrome and most browsers this sends your audio to the browser vendor’s servers for transcription — so speech input is not fully private. It is strictly push-to-talk: the microphone is captured only while you hold the orb or the space bar, never in the background. Want zero audio leaving the machine? Type instead — the text path is fully local until you hit send. The real product ships an on-device Whisper (whisper.cpp/WASM) engine in the same slot.

    Spoken replies — on-device

    Text-to-speech uses your operating system’s voices via speechSynthesis. Audio is generated locally and does not leave the device.

    Key, settings, conversation — this browser only

    API key + preferences: localStorage. With the optional lock set in Settings, the key is stored only as AES-256-GCM ciphertext sealed under your passphrase; without it, it is readable in localStorage — Settings says so plainly. Conversation + timers: tab memory only, never persisted. “Erase everything” in Settings wipes all of it instantly.

    What we won’t claim: Sotto is not “100% private.” Anything you send to a model necessarily reaches Anthropic, and spoken input may reach your browser vendor. What Sotto guarantees is no extra parties: no Postern servers, no resellers, no analytics — the only network destination in this page’s code is api.anthropic.com. The source is one readable HTML file; verify it yourself.