FAQ
Security & privacy
Encryption, identity verification, and what ClipHop never sees.
Does my clipboard ever leave my two devices?
No. Clipboard text only travels directly between your two paired devices, over Bluetooth, and only after being encrypted with a session key known to just those two devices. ClipHop has no cloud — the binaries never contact a server.
How is ClipHop’s end-to-end encryption implemented?
Every reconnect runs an X25519 ECDH handshake. The shared secret is fed through HKDF to derive an AES-256-GCM session key. Each message uses a fresh 96-bit nonce with a 16-byte authentication tag. The long-term identity keys that authenticate the handshake are Ed25519, stored in the macOS Keychain and the Android Keystore — never exportable.
Can I verify the connection is secure?
Yes. After pairing, each device displays a short fingerprint derived from the other’s identity public key. If the two fingerprints match, you have cryptographic assurance that nothing has MITM-ed the pairing. You can re-check the fingerprint anytime from Paired Devices.
Can someone else pair to my phone without me noticing?
No. Pairing requires physical access to the phone to open ClipHop, tap Pair, and either scan a QR code or enter a 6-digit code. The handshake is authenticated by both devices’ identity keys, so nothing pairs remotely.
Does ClipHop collect any telemetry or analytics?
No. No analytics, no crash reporters, no user accounts, no ads, no tracking pixels. The one network request ClipHop makes on Mac is an optional once-per-day GET to a static JSON file for version checking, which you can disable in Preferences.