Privacy Policy

How OpenWhispr handles your data.

Last updated: April 7, 2026

Overview

OpenWhispr is a desktop dictation and meeting-notes app built with privacy at the center. By default, your audio is processed on your device and your transcriptions stay on your device. Cloud features exist, but every one of them is optional and clearly marked.

This policy explains exactly what data OpenWhispr collects, where it lives, who else sees it, and how to control or delete it. For a plain-English summary of how we handle your data and what we never do with it, see our Security page.

Data at a Glance

A scannable summary of what we collect and where it goes. Each row links to its full description below.

Category	Where it lives	Who else sees it	Optional?
Account & billing	Our cloud database	Neon, Stripe	Required for paid plans
Voice & audio	Device only by default	Your chosen transcription provider, if any	You pick the mode
Transcriptions	Device SQLite	No one (not synced)	—
Notes & agent conversations	Device SQLite; cloud if synced	Neon (if synced); your AI provider (if used)	Sync & agent are opt-in
Google Calendar	Device only	Google	Optional connection
Meeting detection signals	Device memory only	No one	Can disable
Diagnostic data	Our servers if enabled	No one	Off by default
Referral program	Our servers	No one	Optional

Information We Collect

Account & billing

When you create an OpenWhispr account, we collect the minimum needed to manage it:

Email/password sign-up: email, name, and a hashed password (we never store your password in plain text)
Google sign-in: email, name, and basic profile from Google. We never receive your Google password.
Paid plans: billing details processed by Stripe. We store your customer ID and subscription state, never your full card number.
Session cookies for authentication and automatic session refresh

Voice, audio, and transcriptions

OpenWhispr offers three transcription modes. You pick the one that fits your needs and you can change at any time in settings.

Local processing (default). OpenWhispr can run speech-to-text fully on your device using local open-source models. When you choose this mode, no audio is transmitted anywhere.
Bring your own API key.If you provide your own API key for a third-party transcription provider, your audio is sent directly to that provider for processing under your account. Their privacy policy applies. We don't see, store, or proxy that audio.
OpenWhispr Cloud. Our managed transcription service. Audio is sent to our API, processed in real time, and discarded. Neither we nor any provider behind our API trains on your data. See our Security page for the current provider list and training opt-outs.

Audio Retention (Optional, off by default). If you enable this in Settings, recorded audio is saved to your device for up to 30 days so you can review or re-process it. You set the retention period; OpenWhispr deletes files automatically once they pass it. Audio Retention is local-only and is never synced to OpenWhispr Cloud or any third party.

Transcribed text is stored in a local SQLite database on your device. Transcriptions are not synced to OpenWhispr Cloud — only notes and agent conversations sync (see below).

Custom dictionary.If you add words or phrases (technical terms, names, jargon) to improve transcription accuracy, they're stored locally and passed to your transcription provider as a hint. They're not used for anything else.

Notes and AI agent conversations

Notes are stored on your device in a local SQLite database. A note can contain a title, body content, AI-enhanced versions (if you use the enhancement feature), and — for meeting notes — the meeting transcript and participant list pulled from your calendar invite.

Cloud sync (Optional).If you enable sync, your notes and agent conversation history are stored in our cloud database (Neon, encrypted at rest) so you can access them across devices. Raw audio and transcriptions don't sync — only notes and conversations do. You can disable sync at any time.

The AI Agent (Optional).When you address the AI agent by name, your prompt and any tool results (notes it reads, calendar events it queries, web searches, clipboard contents you ask it to handle) are sent to whichever AI provider you've configured. If you choose to run the agent against a local model on your own device, your prompts and any retrieved context never leave your machine.

Local semantic search. Notes are automatically indexed for semantic search using a small embedding model that runs entirely on your device. The embeddings never leave your machine.

Google Calendar (Optional)

Connecting Google Calendar is optional. If you do, OpenWhispr reads your calendar list and upcoming events (read-only — we never create, edit, or delete anything) and uses that data to:

Notify you when a scheduled meeting is about to start
Suggest a title for your meeting note based on the event name
Attach the calendar invite participants to that note

Upcoming events are cached locally alongside your notes and transcriptions. This data stays on your device — we don't send it to our servers, share it, or use it for ads or AI training.

Disconnect from OpenWhispr settings to delete the local cache, or revoke access anytime via your Google Account permissions.

Limited Use.OpenWhispr's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Meeting detection signals

OpenWhispr can detect when a meeting is happening so it can offer to take a note. To do this it monitors two things on your device only:

Whether known meeting apps (Zoom, Teams, Webex, FaceTime) are running on your computer
Whether any application is currently using your microphone (on macOS, Windows, and Linux)

OpenWhispr does not capture what those other apps are doing, what they're recording, or who's on the call. It only knows the binary fact that "a meeting app is open" or "the mic is in use." These signals are held in memory only, never written to disk, never sent anywhere. You can disable meeting detection in Settings.

System audio capture (macOS 14.2+, Optional).On recent versions of macOS, OpenWhispr can record both your microphone and the audio coming from other apps so it can transcribe both sides of a meeting. This requires you to explicitly grant macOS's "System Audio Recording" permission. The captured audio is treated exactly like microphone audio: processed in real time and discarded unless you have Audio Retention enabled. This feature is macOS-only today.

Accessibility-based features

The first time you use OpenWhispr to paste a transcription, it asks for your operating system's accessibility permission. We use this for two things:

Auto-paste:pastes your transcribed text into whatever text field you have focused, so you don't have to copy and paste manually.
Correction learning: for up to 30 seconds after a paste, OpenWhispr watches the focused text field for edits you make to the text it pasted. If you fix a misspelled word, OpenWhispr learns the correction so future transcriptions are more accurate. The captured edits stay on your device and are never sent to OpenWhispr or any third party.

You can revoke accessibility permission in your OS settings at any time, which disables both features.

Diagnostic & technical data (Optional)

Diagnostic reporting is off by default. If you opt in, we collect anonymous performance metrics to help us improve quality and reliability:

Audio processing metrics (duration, format)
Speech-to-text metrics (provider, model, processing time, word count)
LLM processing metrics (provider, model, token counts)
Round-trip timing and error information
Client information (client type, version, app version)

Diagnostic data may be submitted anonymously without any user or session identifier attached. It is used solely to improve performance and reliability, and is never sold or shared. You can opt out at any time in your application settings.

Referral program (Optional)

If you participate in the referral program, we collect:

Your unique referral code and the invitations you send
The email addresses of people you invite (uploaded to our servers so we can track conversions and prevent abuse)
Click analytics on your referral link (user agent, referring URL)
Whether a referral results in a sign-up or subscription

We only email a recipient when you initiate the invite. Referral data is used to attribute rewards and prevent abuse — nothing else.

How We Use Your Information

We use the data we collect for two purposes only:

Service delivery

• Provide transcription, notes, and agent features
• Process payments and manage subscriptions
• Deliver software updates
• Provide customer support

Product improvement

• Analyze opt-in diagnostic logs to improve quality
• Fix bugs and improve performance
• Develop new features
• Ensure security and stability

We never use your transcribed content, notes, or audio for advertising, marketing to third parties, or training our own AI models. Period.

How We Share Information

We do not sell, trade, or rent your personal information. We share information only in the limited circumstances below.

Subprocessors

These are the vendors we rely on to operate OpenWhispr Cloud and our core account features. Each is governed by its own privacy policy. We may add or change subprocessors over time and will update this table to reflect material changes.

Service	Purpose	Data category
Neon	Account database & cloud sync storage	Account info, synced notes & conversations
Stripe	Payment processing & subscription management	Billing details, customer email
Resend	Transactional email delivery	Email addresses, message contents
Vercel	Website hosting & cookieless analytics	Web request logs, anonymized page metrics
Google	OAuth sign-in; Calendar API (if connected)	Email + profile; calendar list & events
OpenWhispr API (api.openwhispr.com)	Our backend: streaming token broker, referral tracking, contact form, sync endpoints	Varies by feature
Parasail	LLM inference behind OpenWhispr Cloud agent and reasoning features	Prompts, conversation context, tool results

Third-party AI providers you connect (BYOK)

These services only receive your data when you choose to connect them by providing your own API key. OpenWhispr is not the data controller for what you send to them — their privacy policy and account settings apply.

Cloud transcription: OpenAI Whisper, Deepgram, AssemblyAI, Groq, Mistral, custom endpoints
AI agent / reasoning: OpenAI, Anthropic, Google Gemini, custom endpoints

Local processing (no third party involved)

OpenWhispr ships with optional on-device speech-to-text and AI models. When you choose to use these, no audio, transcription, or agent prompt is transmitted to OpenWhispr or any third party — the processing happens entirely on your computer. There is no subprocessor involved because no data leaves your device.

Legal & business transfers

We may disclose information if required by law, court order, or to protect our rights and safety. In the event of a merger, acquisition, or sale, your information may be transferred to the new owner under terms consistent with this policy.

Data Retention & Deletion

Local data (notes, transcriptions, agent conversations) lives on your device until you delete it. Uninstalling OpenWhispr removes the app data directory.
Audio Retention (if enabled) auto-deletes recorded audio files after the period you set (up to 30 days).
Cloud-synced data is deleted within 30 days of account deletion.
Google Calendar local cache is deleted immediately when you disconnect your Google account from OpenWhispr settings.
Diagnostic data, when opted in, is retained only as long as it is useful to investigate the relevant issue.

Security

All cloud connections use TLS 1.2 or higher.
Our cloud database (Neon) is encrypted at rest.
Account passwords are hashed with industry-standard algorithms via our identity provider.
API keysyou enter for third-party providers are currently stored in plaintext in your local app data directory. We're migrating to OS-native secure storage — track progress on issue #532.
Your local SQLite database is unencrypted by OpenWhispr — it relies on your operating system's disk encryption (FileVault on macOS, BitLocker on Windows, LUKS on Linux). We recommend you keep disk encryption enabled.

For more on our security practices, see our Security page.

Your Rights and Choices

You have the following rights regarding your personal information:

Access & portability:request a copy of your personal information and export your notes and transcriptions from Settings → Data Export.
Correction: update or correct your personal information at any time through your account settings.
Deletion: delete individual notes, clear all local data, or delete your account entirely from within the app.
Opt-out: disable cloud features, unsubscribe from communications, or delete your account at any time.

International Users

OpenWhispr is operated from the United States. By using our services, you acknowledge that your information may be processed in the US.

For EU users (GDPR)

You have additional rights under GDPR, including the right to object to processing, restrict processing, and lodge complaints with supervisory authorities.

For California users (CCPA)

You have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information (we don't sell personal information).

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on our website
Sending email notification to registered users
Displaying a notice in the OpenWhispr application

Your continued use of OpenWhispr after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, reach out to us:

OpenWhispr Team

Email: support@openwhispr.com

Subject line: Privacy Inquiry

We aim to respond to privacy-related inquiries within 48 hours. For a plain-English summary of how we handle your data and what we never do with it, see our Security page.