iOS · iPadOS · Coming soon

Block trackers, phishing, and malware — locally.

Kilpi stops harmful sites and trackers before they load. Encrypted DNS, system-level URL filtering, and a Safari content blocker — all evaluated on-device against six threat-intelligence feeds.

TrackersPhishingMalwareAdsCookie banners

Get notified See features

Threat-intel feeds

Protection layers

Browsing logs sent

Account required

Features

Two modes. One shield.

Guardian mode

Approachable protection with a single shield, plain-language explanations, and everyday safety checks. Free, no account, on-device.

Expert mode

Deeper network controls with traffic analytics, custom IP / domain / URL rules, flow inspection, and packet capture tools.

Encrypted DNS

DNS-over-HTTPS with on-device blocklist matching. Your DNS requests go only to the encrypted provider you choose.

Content filter

System-level URL filtering through Apple's Network Extension content filter. Apps and Safari benefit alike.

Safari blocker

Ad, tracker, and cookie-banner blocking inside Safari, powered by Apple's content-blocker APIs.

Six threat-intel feeds

URLhaus, StevenBlack, PhishingDB, Disconnect, AbuseIPDB, and AlienVault OTX — downloaded and evaluated locally against compiled patterns for speed.

Custom rules & analytics

Build allowlists and blocklists for domains, IP ranges, and URLs. Inspect what was blocked and why. All analytics stay on the device.

Home Screen widgets

Keep Kilpi's protection status and recent activity visible from your Home Screen with widget snapshots of the current shield state.

Screens

Inside the app

Guardian Dashboard

One shield, plain-language status, and a recent activity feed.

Guardian Settings

Toggle each protection layer with a clear explanation of what it does.

Expert Dashboard

Traffic analytics and flow inspection — all on-device.

Custom Rules

Allowlists and blocklists for domains, IP ranges, and URLs.

Expert Settings

Tune flows, packet capture, and feed updates.

Privacy

Your network stays yours.

Threat analysis and rule evaluation happen on-device. Threat-feed updates are the only external downloads. DNS requests go only to the encrypted provider you choose. No analytics SDKs, no crash reporting, no telemetry pipeline.

No browsing logs sent
No account
No analytics
No tracking
No ads
On-device evaluation

Read privacy policy

Coming to the App Store.

Drop us a note and we'll let you know the moment Kilpi ships.

Get notified