Trust and security

Every boundary is visible.

Kith separates what runs locally from what touches the server. Authentication, quotas, billing, and model access are all explicit — nothing is disguised as ambient.

Architecture

Model access runs through the Kith backend.

The browser extension does not call the AI provider directly. Text and vision requests are sent to the Kith API, which applies authentication and quota checks before forwarding the request to the configured model provider.

  • Text and vision requests require an authenticated account.
  • Usage is measured against the current plan before analysis is performed.
  • The configured model defaults to the Kith backend settings, not an extension-side secret.

Analysis inputs

Only the relevant slice of the page is intended to be processed.

For text explanations, Kith sends the selected text plus contextual fields such as page title, meta description, URL, headings, and surrounding text. For visual analysis, it sends the marked image region plus the same page context fields.

  • Vision requests are capped in the API when the selected image payload exceeds roughly 2.5 MB.
  • Saved Archive entries are created separately and only when the product posts a concept record.
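
The check order described under Architecture and Analysis inputs, shown as an added example that is not Kith's code: a server-side gate that authenticates, applies the vision size cap, checks plan quota, and only then forwards with a provider key the extension never holds. Function names, status codes, the exact byte limit, the choice to reject oversized images, and the sample sessions and quotas are assumptions constructed for illustration.

```javascript
// Added illustration, not Kith's code. Names, status codes and limits are assumptions.
const MAX_IMAGE_BYTES = 2.5 * 1024 * 1024; // page says "roughly 2.5 MB"; exact value assumed

// Constructed server-side state: sessions, plan usage, and the provider key.
const sessions = new Map([["sess-alice", "alice"], ["sess-bob", "bob"]]);
const usage = new Map([["alice", { used: 3, limit: 10 }], ["bob", { used: 10, limit: 10 }]]);
const PROVIDER_KEY = "server-only-placeholder"; // lives on the backend, never in the extension

// Decoded byte count of a base64 string, computed without decoding the payload.
function decodedSize(b64) {
  const pad = b64.endsWith("==") ? 2 : b64.endsWith("=") ? 1 : 0;
  return Math.floor((b64.length * 3) / 4) - pad;
}

// Gate one request from the extension. `forward` stands in for the provider call.
function handleAnalysis(req, forward) {
  const user = sessions.get(req.sessionToken);
  if (!user) return { status: 401, error: "unauthenticated" };

  if (req.kind !== "text" && req.kind !== "vision")
    return { status: 400, error: "unknown request kind" };
  if (req.kind === "vision") {
    if (typeof req.imageBase64 !== "string") return { status: 400, error: "missing image" };
    if (decodedSize(req.imageBase64) > MAX_IMAGE_BYTES) return { status: 413, error: "image too large" };
  }

  const plan = usage.get(user);
  if (!plan || plan.used >= plan.limit) return { status: 429, error: "quota exhausted" };

  // Any model or key supplied by the client is ignored; both come from server settings.
  const upstream = {
    model: "server-configured-model",
    authorization: `Bearer ${PROVIDER_KEY}`,
    input: req.kind === "vision" ? { image: req.imageBase64, context: req.context }
                                 : { text: req.selectedText, context: req.context },
  };
  const result = forward(upstream);
  plan.used += 1; // usage is counted only for requests that passed every check
  return { status: 200, result };
}
```

Rejected requests never reach `forward` and do not consume quota, which is the property to verify when reviewing a proxy of this shape.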

Account and billing

Authentication, plan state, and paid controls live outside the extension.

The web account surface owns sign-in, plan upgrades, billing portal actions, and visible quota reporting. Paid checkout and subscription management use Stripe when Stripe is configured for the environment.

  • Email sign-in uses a six-digit code flow rather than a password-based login.
  • Checkout and billing portal actions are separate from the extension overlay.

Current boundaries

Kith is clear about what is not part of the current promise.

The current MVP does not offer a local model path. It also does not publish formal compliance attestations or enterprise security certifications on this site today.

  • No on-device AI model is part of the current product path.
  • No public SOC, ISO, or similar certification claim is made here.
  • Use your own technical and legal review before deploying into regulated or highly restricted workflows.