Privacy Policy

What we collect.
Why. In English.

TechBantu IT Solutions, LLC ("TechBantu," "we," "us," "our") operates VoiceType, a macOS application for voice input and transcription, together with the website at voicetype.dev and a small set of authenticated back-end endpoints. This Privacy Policy explains what personal and technical data we process, on what legal basis, with whom we share it, and what choices you have. For purposes of the GDPR, we are the data controller for personal data you provide in connection with a direct (Stripe) purchase or with our website.

Updated: 2026-04-26
Controller: TechBantu IT Solutions, LLC
Privacy: privacy@techbantu.us

One-line summary

Audio never leaves your device. Transcripts stay on your device unless you opt in to Cloud Polish. We collect the minimum data necessary for billing and account security, do not sell or share personal data, and do not generate or use voice biometrics.

Notice at Collection (California Civ. Code §1798.100(b))

At or before the point of collection, we provide you the following notice:

  • Categories collected. Identifiers (email address); commercial information (subscription plan, transaction metadata); internet-or-network activity (IP for rate-limiting); inferences (none used for profiling); geolocation (coarse country/region only via IP, never precise); and a random app-generated device identifier stored in the macOS Keychain.
  • Purposes. Providing the Service, fulfilling and managing subscriptions, customer support, fraud and abuse prevention, security, and legal compliance. We do not use personal data for cross-context behavioral advertising.
  • Sale/Share. We do not sell personal information for monetary or other valuable consideration and we do not share personal information for cross-context behavioral advertising.
  • Retention. See the Retention Schedule below.
  • Link to this policy: voicetype.dev/privacy.

Categories of data we process

Substance follows the table.

| Data | Purpose | GDPR basis | Recipients |
|---|---|---|---|
| Voice audio (live dictation) | On-device speech recognition. Not stored, not transmitted. | Contract — providing the Service | None (local only) |
| Transcripts (text) | Inserted at your cursor; optional Cloud Polish if you're Pro & explicitly enable | Contract; consent for Cloud Polish | With Cloud Polish: text only to authenticated proxy & cloud LLM |
| Email address | Customer identity for subscriptions, receipts, support, entitlement verification | Contract; legitimate interest in billing integrity | Stripe (MoR for direct sales), Vercel, Upstash |
| Random device ID (UUID, Keychain) | Linking entitlements to a device, abuse prevention, Pro session checks | Contract; legitimate interest in securing paid features | Our API backend; Upstash |
| Recovery key (server-side, derived/hashed) | Allow restore on a new device without re-purchase | Contract | Our API backend (Upstash) |
| Card last-4 (presented at recovery-key reset only) | Identity proof for recovery-key reset; verified against Stripe | Legitimate interest in account-takeover prevention | Stripe |
| App session token (JWT) | Authenticate Pro requests for ~30 days; rotated on refresh | Contract | Our API backend |
| Funnel events (opt-in only) | Aggregate product analytics (event names + plan/channel) | Consent (Art. 6(1)(a)) | Our API backend; no third-party analytics |
| Server logs (request metadata) | Operational logging, rate-limiting, abuse detection | Legitimate interest | Vercel |

Voice and biometric data

VoiceType is engineered to never collect, transmit, retain, or use voice biometric information. Specifically:

  • Audio captured from your microphone is held in transient memory and a temporary file on your device while the on-device transcription model runs. The temporary file is deleted immediately after transcription.
  • We do not transmit audio to our servers in any default or supported configuration.
  • We do not generate, store, transmit, or use voiceprints, voice templates, biometric identifiers, biometric information, or biometric data as those terms are defined under the Illinois Biometric Information Privacy Act, 740 ILCS 14 ("BIPA"); the Texas Capture or Use of Biometric Identifier Act, Tex. Bus. & Com. Code §503.001 ("CUBI"); the Washington My Health My Data Act, RCW 19.375; the New York City POST Act; the California Consumer Privacy Act / California Privacy Rights Act, Cal. Civ. Code §1798.140(ae)(2); or analogous statutes elsewhere.
  • We do not perform speaker identification, speaker authentication, or voice-print matching.
  • We do not sell, license, or share voice data with third parties (we have none to share).

This non-collection design is verifiable from the documented network behavior of the app: in default operation, the only outbound network connections associated with the transcription pipeline are (a) one-time downloads of model files from public model registries (Hugging Face) and (b), only if you explicitly enable Cloud Polish, post-transcription text (not audio) sent to our authenticated proxy.

Sensitive Personal Information (CCPA/CPRA)

We do not collect or process the following categories of "Sensitive Personal Information" as defined under California Civ. Code §1798.140(ae): government identifiers (Social Security number, driver's license, passport); precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; biometric information for the purpose of uniquely identifying a consumer; the contents of mail, email, or text messages, except as directed by the consumer; health information beyond what the consumer voluntarily places into a transcription; or sex-life or sexual-orientation information. Any such information that incidentally appears in a transcription remains on your device and is not transmitted to our servers in default configurations.

Audio stays local

The default product flow processes microphone audio in real time on your Mac using on-device speech-recognition models. Default behavior does not upload your raw recordings to our servers. If you use optional cloud features (currently only the Pro Cloud Polish provider), only the data those features require is sent, as disclosed at enablement and in Sub-processors.

Email and billing (direct channel)

For direct (non-App Store) purchases, we use Stripe, Inc. as our payment processor and Merchant of Record. Stripe processes card data under its PCI-DSS certifications; we do not store full card numbers on our infrastructure. We retain enough billing metadata (email, subscription status, plan, period dates, last-4) to display your subscription state, answer support, and meet tax and accounting obligations.

Transactional email

Customer-facing transactional emails (purchase receipts, billing reminders, refund confirmations, sub-processor change notices, ARL renewal reminders) are sent by Stripe under Stripe's privacy program. We do not operate a separate transactional or marketing email service and we do not maintain a marketing newsletter.

Device identity

The app generates a random UUID at first launch and stores it in the macOS Keychain (with the access attribute kSecAttrAccessibleWhenUnlockedThisDeviceOnly). This identifier is used solely to bind Pro entitlements to a specific device and to prevent abuse of free-tier or device-limit rules. It is not a hardware identifier, not derived from a hardware identifier, not used for advertising, and not sold.

Sub-processors

Our current sub-processors, including their roles, regions, and privacy policies, are listed at Sub-processors. We will provide at least 30 days' notice before adding a new sub-processor that processes personal data in a materially new way. To subscribe to change notices, email privacy@techbantu.us with the subject "Sub-processor list."

Your rights in the EEA, UK, and similar jurisdictions (GDPR / UK GDPR)

Subject to local law, you may request: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection in cases where we rely on legitimate interests (Art. 21). You may also withdraw consent (Art. 7) for processing based on consent (e.g., funnel events) at any time without affecting prior lawful processing. You may lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement.

To exercise these rights, contact privacy@techbantu.us. We may need to verify your identity for sensitive requests; we will respond within thirty (30) days where the GDPR applies, with a one-time extension where permitted by Art. 12(3).

California residents (CCPA / CPRA)

California residents may request to:

  • Know the categories and specific pieces of personal information we have collected, the categories of sources, the purposes for collecting/using, and the categories of third parties with whom we share.
  • Delete personal information we have collected from you, subject to legal exceptions.
  • Correct inaccurate personal information we maintain.
  • Limit use of sensitive personal information (we do not collect SPI, so this right has no operative effect).
  • Opt out of the sale or sharing of personal information (we do not sell or share).
  • Non-discrimination for exercising your CCPA/CPRA rights.

Submit any request to privacy@techbantu.us with the subject "CCPA Request."

Do Not Sell or Share My Personal Information

We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. Because we do not sell or share, no opt-out mechanism is required; nonetheless, you may submit any privacy request, including a deemed opt-out, to privacy@techbantu.us.

Authorized agents

You may designate an authorized agent to make a privacy request on your behalf by emailing privacy@techbantu.us with: (i) a written and signed authorization from you; (ii) verification of the agent's identity; and (iii) verification of your identity. We may deny requests from agents who do not provide proof of authorization.

Automated decision-making and profiling

We do not engage in automated decision-making, profiling, or scoring that produces legal or similarly significant effects on you within the meaning of GDPR Art. 22 or comparable provisions. Subscription state changes (free ↔ Pro on payment events) are deterministic results of payment data we receive from Stripe or Apple, not automated decisions about you.

Retention schedule

| Category | Specific retention |
|---|---|
| Voice audio | Not retained beyond transient transcription processing on your device. Deleted from temporary storage immediately after transcription. |
| Transcripts | Up to 20 most recent transcriptions, AES-GCM encrypted on your device with a key in your Keychain. Deletable any time. Not on our servers. |
| Email + Stripe customer ID | Life of customer relationship + up to 7 years after last activity for tax/accounting (per applicable IRS / EU rules), then deleted or de-identified. |
| Device identifier (server mapping) | Until you uninstall and request deletion, subject to fraud-prevention holds (up to 2 years). |
| Recovery key (server hash) | Same as device identifier. |
| App session tokens (JWT) | Up to 30 days; auto-expired and rotated. |
| Funnel events (opt-in only) | Raw events pruned to 14 days; aggregated retained no more than 24 months. |
| Server logs | Up to 90 days unless required for security investigation. |

Security

We implement reasonable technical and organizational measures appropriate to the risks: TLS 1.2+ in transit; vendor-provided encryption at rest; macOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly for on-device long-lived secrets; AES-GCM encryption for the on-device transcription history file; least-privilege access for production credentials; and signed application updates via Sparkle with EdDSA-verified appcasts. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. See Security for the full architecture description.

International transfers

We are based in the United States and primarily host with US-based vendors (Stripe, Vercel, Upstash). Where personal data of EEA/UK/Swiss residents is transferred to the US, we rely on Standard Contractual Clauses or analogous transfer mechanisms documented by each vendor (where applicable, the EU–US Data Privacy Framework). Hugging Face hosts in EU and US regions; Stripe operates EU subsidiaries (e.g., Stripe Payments Europe, Limited) for EU sales as Merchant of Record.

Children

VoiceType is not directed to and is not intended for use by children under thirteen (13) in the United States, or under sixteen (16) in the EEA, UK, or other jurisdictions where the GDPR or analogous law sets a higher age of digital consent. We do not knowingly collect personal information from children below those ages.

Business customers (DPA)

If you intend to deploy VoiceType inside an organization where personal data of EEA/UK employees is processed, contact legal@techbantu.us to receive our Data Processing Agreement under GDPR Art. 28.

Changes to this policy

We post material updates on this page and revise the "Last updated" date. If you have an account, we may also notify you by email when legally required for significant changes. The current version is published at voicetype.dev/privacy.

Contact

TechBantu IT Solutions, LLC
Privacy: privacy@techbantu.us · Legal: legal@techbantu.us · Security: security@techbantu.us · Support: support@techbantu.us