Privacy Policy

We believe privacy is a fundamental right. This policy explains how OpenWhispr can protect your data.

Last updated: February 26, 2026

Our Commitment to Privacy

OpenWhispr is built with privacy at its core. This Privacy Policy describes how OpenWhispr ("we," "us," or "our") collects, uses, and protects your information when you use OpenWhispr software and services.

Key principle: Your voice data and transcriptions are processed locally on your device whenever possible. We never store or transmit your audio or transcribed text unless you explicitly choose cloud features.

Information We Collect

Local Processing (Default)

When using local processing, your voice data never leaves your device. We do not collect, store, or have access to your audio recordings or transcriptions.

Cloud Transcription (Optional)

If you choose to use cloud transcription services (like OpenAI's Whisper API), your audio data is sent to the third-party provider for processing. We do not store your audio recordings.

Cloud Sync (Optional)

If you enable cloud sync, your transcriptions are stored in our cloud database so you can access them across devices. Synced data includes:

  • Transcription text and word count
  • Source indicator (cloud or local)
  • Transcription provider and model used
  • Language, audio duration, and processing time
  • Associated metadata

Cloud sync is entirely opt-in. You can disable it at any time, and transcriptions will only be stored locally on your device.

Account Information

When you create an account, we collect information depending on your sign-in method:

  • Email/password sign-up: Email address, name, and a securely hashed password (we never store plaintext passwords)
  • Google sign-in: Email address, name, and profile information provided by Google via OAuth. We do not receive or store your Google password.
  • Session cookies for authentication and automatic session refresh
  • Payment information for paid accounts (processed securely by Stripe; we never store your full card details)
  • Subscription and billing details

Your account and authentication data is managed through our identity provider. We do not share your credentials with any other parties.

Technical Information

We may collect anonymous technical data:

  • Operating system and device type
  • App version and performance metrics
  • Crash reports and error logs
  • Feature usage statistics (anonymized)

Performance and Diagnostic Logs (Optional)

If you opt in to diagnostic reporting, we may collect:

  • Audio processing metrics (duration, format)
  • Speech-to-text metrics (provider, model, processing time, word count)
  • LLM processing metrics (provider, model, token counts)
  • Round-trip timing and error information
  • Client information (client type, version, app version)

Diagnostic data may be submitted anonymously without any user or session identifier attached. This data is used solely to improve performance and reliability, and is never sold or shared with third parties. You can opt out at any time in your application settings.

Referral Program

If you participate in our referral program, we collect:

  • Referral codes and invite associations
  • Click analytics (user agent, referring URL)
  • Conversion tracking (whether a referral results in sign-up or subscription)

This data is used to attribute referral rewards and prevent abuse.

How We Use Your Information

We use collected information only for the following purposes:

Service Delivery

  • • Provide transcription services
  • • Process payments and subscriptions
  • • Deliver software updates
  • • Provide customer support

Product Improvement

  • • Analyze usage patterns (anonymized)
  • • Analyze opt-in diagnostic logs to improve transcription quality
  • • Fix bugs and improve performance
  • • Develop new features
  • • Ensure security and stability

Important: We never use your transcribed content for advertising, marketing to third parties, or training our own AI models without explicit consent.

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:

Third-Party Services

Your data may be processed by third-party services including: Neon Database (authentication and data storage), Google (OAuth sign-in), OpenAI (cloud transcription), and other cloud providers, each according to their own privacy policies.

Payment Processing

Payment information is processed by Stripe and subject to their privacy policy.

Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred to the new owner.

Data Security

We implement appropriate security measures to protect your information:

Local Processing

  • • Data never leaves your device
  • • No cloud storage of audio/text
  • • You control all data retention

Cloud Features

  • • Encryption in transit and at rest
  • • Secure API connections
  • • Regular security audits

Note: No security system is 100% secure. We cannot guarantee absolute security, but we use industry-standard practices to protect your data.

Your Rights and Choices

You have the following rights regarding your personal information:

Access and Portability

Request a copy of your personal information and export your data in a portable format.

Correction and Updates

Update or correct your personal information at any time through your account settings.

Deletion

Request deletion of your personal information, subject to legal and contractual obligations.

Opt-Out

Disable cloud features, unsubscribe from communications, or delete your account at any time.

Cookies and Tracking

Our website uses minimal cookies and tracking:

Essential Cookies

Required for website functionality, user sessions, and security.

Analytics

We use privacy-focused analytics to understand website usage and improve our services.

Third-Party Services

Payment processing and support services may use their own cookies.

International Users

OpenWhispr is available globally, but OpenWhispr is based in the United States. By using our services, you acknowledge that your information may be processed in the US.

For EU Users (GDPR)

You have additional rights under GDPR, including the right to object to processing, restrict processing, and lodge complaints with supervisory authorities.

For California Users (CCPA)

You have the right to know what personal information is collected, delete personal information, and opt-out of the sale of personal information (which we don't do).

General Audience

OpenWhispr is designed for general audiences and is not specifically directed at children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notification to registered users
  • Displaying a notice in the OpenWhispr application

Your continued use of OpenWhispr after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

OpenWhispr Team

Email: support@openwhispr.com

Subject: Privacy Policy Inquiry

Response Time: We aim to respond to all privacy-related inquiries within 48 hours.