Guardrails
Surfc's AI features — transcription and idea discovery — are deliberately fenced in. The guardrails exist so that running AI on a note stays safe, your data stays yours, and heavy automated use can't spoil the shared service for everyone. This article explains exactly where those lines sit.
What the AI will and won't process
Surfc runs two safety checks around its AI features, and refuses the AI step if either one fires.
- Prompt-injection shielding. Surfc checks for text that's trying to hijack the AI — instructions smuggled into what you send ("ignore your previous instructions and…"), whether in a note you typed or in a page you've captured. Untrusted text is always treated as content to read, never as instructions to follow.
- Harm screening. When Surfc transcribes a photo, the text it reads back is screened for genuinely harmful content — hate, violence, sexual content, and self-harm. The bar is set to high severity on purpose: Surfc is full of literary and technical language, so a passage about a "destructive" idea or a chapter on violence in history shouldn't trip a filter. Only clearly harmful content is held back, not serious writing about difficult subjects.
If either check flags something, the AI step simply doesn't run and Surfc tells you why. Your note is never lost — it's saved, editable, and synced exactly as always; only the AI processing of it is refused.
Why serious reading doesn't get blocked
The harm screen is deliberately tuned to hold back only high-severity content. Reading and annotating challenging material — history, philosophy, fiction that deals with dark themes — is exactly what Surfc is for, so the threshold sits well above everyday literary language. It looks for genuinely harmful content, not difficult subject matter.
If the safety service is ever unreachable, Surfc fails open — it lets your transcription or discovery through rather than blocking your core workflow over a temporary outage. (Anthropic, the AI provider, also applies its own content filtering independently.)
Imported highlights aren't auto-tagged
When you import highlights (for example from Readwise), they're saved as ordinary notes with no ideas tagged — Surfc does not automatically run AI over them. Idea discovery only happens when you ask for it, one note at a time or via "tag your library" in bulk. Either way the same guardrails apply: bulk discovery checks every passage for prompt injection and redacts obvious sensitive details on-device (card numbers, email addresses, and similar) before any text is sent, and going note-by-note shows you the same on-device privacy review described below.
Coming soon: an on-device check
We're rolling out an additional prompt-injection check that runs entirely on your device, before a note is sent anywhere — so the most common attacks can be caught locally, without the text leaving your phone or laptop at all. It's being introduced gradually; this article will say more once it's switched on.
Where the privacy line sits
Surfc is end-to-end encrypted. The text of every note is encrypted on your device before it is ever synced, using a master key that never leaves your device in readable form — the cloud only ever holds the encrypted form of your notes. (For how that key is created and moved between your devices, see Sync, offline & multi-device.)
There is one boundary worth being precise about:
AI features see your note text
End-to-end encryption protects your notes at rest and while syncing. When you use transcription or idea discovery, the text of that note is sent to Surfc's AI service to be processed — it isn't end-to-end encrypted for that round trip. Notes you never run through AI are only ever stored and synced encrypted.
To help you stay on the right side of that line, Surfc scans a note for obvious sensitive details on your device, before it's sent for AI processing — things shaped like card numbers, IBANs, phone numbers, email addresses, and national-insurance / social-security numbers. If it spots any, it doesn't silently block or send: it warns you and hands you the choice — edit the note, redact the match, or send it anyway. The decision is always yours.
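As an added illustration (not Surfc's own code), here is one way an on-device scan like the one described above, and the redaction step used by bulk discovery, could work. The function names, patterns and sample note are assumptions; the sketch covers only email addresses, IBANs and card numbers, and validates checksums so that digit runs which merely look like card numbers are not flagged.

```javascript
// Added illustration, not Surfc's code; every name below is hypothetical.
// Luhn checksum: rejects digit runs that only look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}
// IBAN mod-97 check: move the first four characters to the end, map A-Z to 10-35.
function ibanValid(iban) {
  let rem = 0;
  for (const ch of iban.slice(4) + iban.slice(0, 4)) {
    const v = /\d/.test(ch) ? ch : String(ch.charCodeAt(0) - 55);
    for (const digit of v) rem = (rem * 10 + Number(digit)) % 97;
  }
  return rem === 1;
}
const DETECTORS = [
  { kind: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g, ok: () => true },
  { kind: "iban", re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b/g,
    ok: (m) => ibanValid(m.replace(/ /g, "")) },
  { kind: "card", re: /\b\d(?:[ -]?\d){12,18}\b/g,
    ok: (m) => luhnValid(m.replace(/[ -]/g, "")) },
];
// Returns validated, non-overlapping hits with offsets, so the UI can show each
// one and let the user edit, redact, or send anyway.
function scanNote(text) {
  const hits = [];
  for (const { kind, re, ok } of DETECTORS)
    for (const m of text.matchAll(re))
      if (ok(m[0])) hits.push({ kind, start: m.index, end: m.index + m[0].length });
  const kept = [];
  for (const h of hits.sort((a, b) => a.start - b.start))
    if (!kept.length || h.start >= kept[kept.length - 1].end) kept.push(h);
  return kept;
}
// Replaces the chosen hits right to left so earlier offsets stay valid.
function redact(text, hits) {
  return [...hits].sort((a, b) => b.start - a.start).reduce(
    (t, h) => t.slice(0, h.start) + `[${h.kind} redacted]` + t.slice(h.end), text);
}
// Constructed sample note: the last digit run fails Luhn and is left alone.
const SAMPLE = "Pay reader@example.com via IBAN GB82 WEST 1234 5698 7654 32, " +
  "card 4111 1111 1111 1111; order ref 1234 5678 9012 3456.";
console.log(redact(SAMPLE, scanNote(SAMPLE)));
```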
Fair use & keeping it working for everyone
Transcription and idea discovery share one monthly AI allowance — a single budget both features draw from, sized per plan. (The exact numbers, and what happens to your notes when you reach the limit, are in Plans & limits.)
The short version: reaching the limit pauses AI processing until the next reset. It never stops you capturing, editing, tagging, syncing, or exporting — only the automatic transcription and suggestions pause. The allowance exists so heavy automated use has somewhere to go, not to make the core product feel locked.
This shared budget, together with the prompt-injection shielding above, is what keeps the service dependable for everyone: untrusted text can't quietly hijack your AI calls, and no single account can exhaust the service for the rest.
What Surfc is for
Surfc is a personal index of great ideas from your reading — capture a passage, and it helps you file it under the ideas it speaks to. Knowing what it is not helps explain why the guardrails can be as tight as they are:
- It's not a general note-taking app. Surfc is built around ideas drawn from what you read — not freeform documents, to-do lists, or a daily journal.
- It's not a cloud drive. Your notes are encrypted and synced for you, across your devices. It isn't a place to store or share arbitrary files.
- It's not a web-research tool. The AI works only with the text you capture; it doesn't browse the web or answer general questions.
Because the AI only ever sees the note in front of it, the guardrails have a small, well-defined job — and that's exactly why they can be strict.
See also:
- Sync, offline & multi-device — how encryption and the master key work
- Plans & limits — the monthly AI allowance and what happens at the limit
- Export & data ownership — taking a full copy of your notes with you