Download & Install

Ubik Studio runs on Mac, Windows, and Linux. Head to our download page to grab the latest version.

Which version do I need?

Mac — Works on all recent Macs (Apple Silicon and Intel). Download the .dmg file.
Windows — Works on Windows 10 and later. Download the .exe installer.
Linux — Available as AppImage, .deb, or .rpm depending on your distribution.

If your computer is from the last few years, you're good to go.

How to install

Mac

Open the .dmg file you downloaded
Drag Ubik Studio into your Applications folder
Open it from Applications

Windows

Double-click the installer you downloaded
Follow the on-screen prompts
Open Ubik Studio from the Start Menu

Linux

Download the package for your distribution
Install it with your package manager, or run the AppImage directly

Staying up to date

Ubik Studio updates itself automatically. When a new version is ready, you'll see a gentle prompt to restart the app. That's it — no manual downloads needed.

Getting Started

Welcome to Ubik Studio. Let's walk through the basics so you can start working right away.

Step 1: Open the app

After installing, open Ubik Studio like any other application. You'll see the home screen where you can create or open a workspace.

Step 2: Create a workspace

A workspace is where your research lives. Think of it as a dedicated folder for a project.

Click Create Workspace
Give it a name (like "Climate Research" or "Thesis Notes")
Pick where to save it on your computer
Click Create

That's it — your workspace is ready.

Step 3: Add your documents

Bring in the files you want to work with:

Drag and drop files directly into the app window
Use File > Import from the menu bar
Click the + button in the sidebar

Ubik Studio works with PDFs, Word documents, images, and more.

Step 4: Start exploring

Once your documents are in, you can:

Ask questions about your files using the AI panel
Get summaries of long papers and reports
Search by meaning — describe what you're looking for in plain language

Select any text or document and the AI panel will offer ways to help.

You're all set!

That's the basics. From here you might want to explore your workspace in more detail, learn about AI features, or read the story behind the new Ubik.

Your Workspace

A workspace is like a folder for a project. Everything you add to it — documents, notes, search results — stays together in one place on your computer.

Creating a workspace

From the home screen, click Create Workspace
Name it something meaningful (a project name, a research topic, anything)
Choose where to save it on your computer
Click Create

You can have as many workspaces as you need. One per project, one per class, one per curiosity — it's up to you.

What's inside a workspace

Each workspace contains:

Your documents — PDFs, papers, reports, anything you've imported
Your notes — Annotations, highlights, and AI-generated summaries
Your library — Papers discovered through search are saved here automatically

Everything stays local

Your files never leave your computer. When you add a document to Ubik Studio, it's stored right on your machine — not uploaded to a server. This means:

Your research is private by default
Everything works without an internet connection
There's no waiting for uploads or downloads

Switching between workspaces

Click the workspace name in the top-left corner to see all your workspaces. Switch between them anytime — each one picks up right where you left off.

Finding things

Use the search bar (or press the search shortcut) to find anything in your current workspace. You can search by title, by content, or just describe what you're looking for in your own words.

AI Features

Ubik Studio's AI is designed to help you understand your research, not replace your thinking. Here's what it can do.

Ask questions about your documents

Select a document (or several) and ask a question in the AI panel. For example:

"What are the main findings of this paper?"
"Summarize the methodology section"
"What does this study say about X?"

The AI reads your documents and answers based on what's actually in them — with references you can check.

Get summaries

Working with a long paper? The AI can summarize it for you, section by section or as a whole. This is especially helpful when you're reviewing many papers and need to decide which ones deserve a closer read.

Traceable citations

When the AI generates text, every claim links back to a specific quote in your documents. You can click any citation to jump straight to the source. Change the citation format to match your needs (APA, MLA, Chicago, or custom).

Highlights and annotations

Ubik's agents can annotate your documents automatically — highlighting key passages and attaching summaries. These annotations are broken down carefully so that fragmented claims scattered across a document are captured and rebuilt into clear, traceable notes.

Search by meaning

Type what you're looking for in plain language. Instead of matching exact keywords, Ubik finds documents and passages that are about what you mean. "That paper about migration patterns" works even if those exact words don't appear in the title.

Choose your model

Ubik Studio lets you pick the AI model that works best for you — whether that's a frontier model, something experimental, or a local model running on your own machine. You're in control.

Settings

Open Settings by clicking the gear icon in the sidebar or using the keyboard shortcut.

Appearance

Choose between light and dark themes, or let Ubik match your system preference. Adjust text size if you'd like things larger or smaller.

AI preferences

Pick your preferred AI model and configure how the AI behaves. You can switch models anytime depending on what you're working on.

Updates

Ubik Studio updates automatically, but you can choose which release channel you prefer:

Stable — Recommended for most people. Well-tested releases.
Beta — Try new features a little early.
Nightly — The very latest. Best for developers or the adventurous.

Change your channel in Settings and the next update will come from that track.

Keyboard shortcuts

Action	Mac	Windows / Linux
Search	Command + K	Ctrl + K
Settings	Command + ,	Ctrl + ,
New Workspace	Command + N	Ctrl + N
Open Workspace	Command + O	Ctrl + O

Security Overview

Last Updated: February 3, 2026

Security is foundational to Ubik. This document describes how we protect your data, our security practices, and how you can help keep your account secure.

1. Our Security Commitment

We take security seriously. Your research data, datasets, and intellectual property deserve protection. We implement industry-standard security measures and continuously improve our security posture.

Our commitments:

Encryption of data in transit and at rest
Regular security assessments and penetration testing
Incident response procedures
Transparent communication about security issues
Compliance with applicable regulations

2. Infrastructure Security

2.1 Cloud Infrastructure

Our web platform is hosted on enterprise-grade infrastructure:

Component	Provider	Security Features
Web Hosting	Vercel	Edge network, DDoS protection, SOC 2
Database	AWS RDS	Encryption, automated backups, VPC isolation
File Storage	AWS S3	Server-side encryption, access logging
Authentication	Clerk	SOC 2, GDPR compliant
Payments	Stripe	PCI DSS Level 1

2.2 Network Security

TLS 1.3 for all connections (HTTPS only)
HSTS (HTTP Strict Transport Security) enabled
Certificate transparency monitoring
DDoS protection via CDN edge network
Web Application Firewall (WAF) for common attacks
Rate limiting to prevent abuse

2.3 Data Center Security

Our infrastructure providers maintain:

SOC 2 Type II certification
ISO 27001 certification
Physical security controls (biometrics, 24/7 monitoring)
Redundant power and cooling
Geographic redundancy

3. Data Encryption

3.1 Encryption in Transit

All data transmitted between you and Ubik is encrypted:

Connection	Encryption
Web browser → Servers	TLS 1.3
Desktop app → Servers	TLS 1.3
API requests	TLS 1.3
Internal services	mTLS

3.2 Encryption at Rest

Data stored on our servers is encrypted:

Data Type	Encryption	Key Management
Database	AES-256	AWS KMS
File storage	AES-256	AWS KMS
Backups	AES-256	AWS KMS
Logs	AES-256	AWS KMS

3.3 Desktop Application

Local data on your device:

Data Type	Protection
Projects/Data	AES-256 encryption
Credentials	OS secure storage (Keychain/Credential Manager)
Session tokens	Encrypted, short-lived
Local cache	Encrypted

4. Application Security

4.1 Secure Development

We follow secure development practices:

Code review required for all changes
Static analysis (SAST) in CI/CD pipeline
Dependency scanning for vulnerabilities
Secret scanning to prevent credential leaks
Security-focused code guidelines

4.2 Authentication Security

We use Clerk for authentication, providing:

Multi-factor authentication (MFA) support
Passwordless options (magic links, passkeys)
Brute force protection (rate limiting, lockouts)
Session management (secure tokens, expiration)
OAuth/SSO integration (Google, GitHub, Microsoft)

4.3 Authorization

Role-based access control (RBAC) for team features
Principle of least privilege for internal access
API key scoping with granular permissions
Audit logging for sensitive actions

4.4 Input Validation

We protect against common attacks:

SQL injection — Parameterized queries, ORM usage
XSS — Input sanitization, Content Security Policy
CSRF — Token-based protection
Path traversal — Input validation, sandboxing

5. Desktop Application Security

5.1 Code Signing

The desktop application is signed to verify authenticity:

Platform	Signing
Windows	Microsoft Authenticode (EV certificate)
macOS	Apple Developer ID + Notarization
Linux	GPG signatures

Always download from official sources to ensure you have genuine software.

5.2 Update Security

Updates are signed and verified before installation
Update server connections use certificate pinning
Rollback capability if updates cause issues
Security updates can be auto-installed

5.3 Sandboxing

The desktop application:

Runs with minimal system privileges
Isolates the Python sidecar process
Restricts file system access to necessary directories
Uses secure IPC for inter-process communication

5.4 Local Data Protection

Sensitive data encrypted with AES-256
Credentials stored in OS secure storage
Memory cleared after sensitive operations
Secure deletion of temporary files

6. Access Controls

6.1 Employee Access

We limit internal access to your data:

Principle	Implementation
Least privilege	Employees only access what's needed for their role
Need-to-know	Data access requires business justification
Access reviews	Quarterly review of access permissions
Separation of duties	Critical operations require multiple approvals

6.2 When We Access Your Data

We only access your data when:

You explicitly request support
Investigating reported security issues
Required by law (with legal process)
Preventing imminent harm

We never access your data for:

Marketing purposes
Selling to third parties
Training public AI models (without consent)
Satisfying curiosity

6.3 Audit Logging

We maintain logs of:

Administrative access to systems
Data access by employees (when it occurs)
Security-relevant events
Authentication events

Logs are retained for security analysis and compliance.

7. Third-Party Security

7.1 Vendor Assessment

Before using third-party services, we evaluate:

Security certifications (SOC 2, ISO 27001)
Privacy practices and compliance
Data handling procedures
Incident response capabilities
Contractual security requirements

7.2 Key Third Parties

Service	Purpose	Security Standards
Clerk	Authentication	SOC 2, GDPR
Stripe	Payments	PCI DSS Level 1
Vercel	Hosting	SOC 2, ISO 27001
AWS	Infrastructure	SOC 2, ISO 27001, FedRAMP
PostHog	Analytics	SOC 2, GDPR
OpenAI	AI features	SOC 2, enterprise agreements
Anthropic	AI features	SOC 2, enterprise agreements

7.3 Data Processing Agreements

We have Data Processing Agreements (DPAs) with all processors handling personal data, ensuring GDPR and other regulatory compliance.

8. Incident Response

8.1 Our Process

We have a documented incident response plan:

Detection — Monitoring, alerts, user reports
Triage — Assess severity and scope
Containment — Limit impact immediately
Investigation — Determine root cause
Remediation — Fix the vulnerability
Recovery — Restore normal operations
Post-mortem — Learn and improve

8.2 Notification

In case of a security incident affecting your data:

Severity	Notification Timeline
Critical (data breach)	Within 72 hours
High (potential exposure)	Within 7 days
Medium (no data exposure)	In next security update
Low (minimal impact)	Documented in changelog

We notify:

Affected users via email
Regulatory authorities as required
Public disclosure for significant incidents

8.3 What We'll Tell You

In case of an incident, we disclose:

What happened (to the extent known)
What data was affected
What we're doing about it
What you should do (if anything)
How to contact us with questions

9. Vulnerability Management

9.1 Security Testing

We conduct regular security assessments:

Type	Frequency
Automated scanning	Continuous
Dependency audits	Weekly
Internal security review	Monthly
External penetration testing	Annually

9.2 Responsible Disclosure

We welcome security researchers to report vulnerabilities:

Email: security@ubik.studio

What to include:

Description of the vulnerability
Steps to reproduce
Potential impact
Your contact information

Our commitment:

Acknowledge receipt within 48 hours
Provide status updates
Work to fix valid issues promptly
Credit researchers (if desired)
No legal action against good-faith researchers

Please do not:

Access other users' data
Disrupt service availability
Publicly disclose before we've fixed the issue
Use automated scanners that generate excessive traffic

9.3 Bug Bounty

We may offer rewards for significant vulnerabilities. Contact security@ubik.studio for current program details.

10. Compliance

10.1 Regulatory Compliance

We design our systems to support compliance with:

Regulation	Status
GDPR	Compliant
CCPA/CPRA	Compliant
SOC 2 Type II	In progress
HIPAA	Not currently (contact for healthcare needs)

10.2 Data Residency

By default, data is stored in the United States. Enterprise customers may request specific data residency arrangements.

10.3 Data Processing Agreements

Enterprise customers can request:

Custom Data Processing Agreements (DPAs)
Standard Contractual Clauses (SCCs) for international transfers
Business Associate Agreements (BAAs) for healthcare (limited availability)

Contact info@ubik.studio for compliance documentation.

11. Your Security Responsibilities

Security is a shared responsibility. Here's how you can help:

11.1 Account Security

Use strong, unique passwords (12+ characters, mixed types)
Enable MFA — Settings → Security → Two-Factor Authentication
Don't share credentials — Each user needs their own account
Review connected devices — Settings → Security → Sessions
Log out on shared devices

11.2 Desktop Application

Download from official sources only — ubik.studio or official app stores
Keep the app updated — Security patches are important
Use device encryption — BitLocker (Windows), FileVault (macOS), LUKS (Linux)
Lock your device when away
Use antivirus software and keep it updated

11.3 Data Handling

Back up important data — Don't rely solely on cloud storage
Be careful with exports — Downloaded data isn't encrypted
Review sharing settings — Know who can access your projects
Report suspicious activity — Contact us immediately

11.4 Phishing Awareness

We will never:

Ask for your password via email
Send unexpected attachments
Request payment via unusual methods
Pressure you to act immediately

If you receive suspicious communications claiming to be from Ubik, forward them to security@ubik.studio.

12. Security Features

12.1 Available to All Users

Two-factor authentication (MFA)
Session management
Login notifications
Password requirements
Secure password reset

12.2 Professional Features

API key management
Access logs
Advanced session controls

12.3 Enterprise Features

SAML/SSO integration
Custom security policies
Audit log exports
IP allowlisting
Advanced access controls
Dedicated security reviews

13. Frequently Asked Questions

Is my data encrypted?

Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Who can access my data?

Only you and those you share with. Ubik employees cannot access your data without your permission or legal requirement.

Do you sell my data?

No. We never sell personal data or user content.

What happens if there's a breach?

We'll notify affected users within 72 hours, explain what happened, and provide guidance on protective steps.

Is the desktop app safe?

Yes. It's code-signed, regularly updated, and uses encryption for local data. Always download from official sources.

Do you have SOC 2?

SOC 2 Type II certification is in progress. Contact info@ubik.studio for current compliance documentation.

Can I request a security assessment?

Enterprise customers can request security questionnaires and assessments. Contact your account manager.

14. Contact Security Team

For security concerns or to report vulnerabilities:

Security Team: security@ubik.studio
General Support: info@ubik.studio
Website: www.ubik.studio

For urgent security issues, include "URGENT" in the subject line.

Developers & API

Developer documentation and API references are coming soon.

We're working on tools and APIs that will let you extend Ubik Studio, build custom workflows, and integrate with other systems.

Want to stay in the loop? Join our community chat or reach out at info@ubik.studio.

Learn Ubik Studio