No legalese, no buried clauses. VoxNotes is built privacy-first, so our privacy policy should reflect that. Here's exactly what we collect, what we don't, and why.
VoxNotes exists because we believe your voice is private. We built the app so that transcription happens on your device by default, with no data sent anywhere. When you choose to use cloud features, we collect the minimum data required and delete everything we can as fast as we can.
We will never sell your data. We will never read your transcriptions. We will never use your content to train AI models. Period.
In Privacy Mode, your audio files are processed entirely on your device. Your transcriptions are stored in your browser's local storage. Nothing is uploaded to our servers. Nothing leaves your phone.
Privacy Mode is the default. It works without an account, without an internet connection, and without sending a single byte of audio off your device. Here's exactly what happens:
All anonymous analytics are collected via privacy-respecting tools (such as Plausible Analytics) that do not use cookies and do not track individual users across sessions. You can opt out of anonymous analytics entirely in the app settings.
Creating an account is entirely optional. You can use VoxNotes in Privacy Mode forever without signing up. If you choose to create an account to access cross-device sync or Speed Mode, here's what we collect:
We use your email to log you in, reset your password if needed, and send product updates (which you can opt out of at any time). Usage statistics help us understand which features are popular so we can improve the app. We never sell, share, or monetize your account data.
Speed Mode is an optional paid feature ($7/month) that sends your audio to a cloud transcription service for instant results. Speed Mode is always opt-in — you choose it per note. Your Privacy Mode notes are never affected.
We use a small number of third-party services. Here's every one of them, what they do, and what data they see:
We use AssemblyAI for cloud transcription in Speed Mode. They receive your audio, transcribe it, and return the text. Audio and text are deleted from their servers immediately after processing. They do not use your data for model training. Their privacy policy is available on their website.
We use Plausible Analytics for anonymous, cookie-free usage tracking. Plausible does not collect personal data, does not use cookies, and is fully GDPR compliant. No individual user can be identified from the data we collect.
We use Stripe to process payments. Stripe collects your payment information (card number, billing address) directly — we never see or store your full card details. Stripe's privacy policy governs their handling of payment data.
The VoxNotes web app is hosted on Cloudflare Pages. These providers may log IP addresses in their standard server logs. We do not access or store these logs for user tracking purposes.
If you use cross-device sync, your encrypted notes are stored on Supabase (backed by AWS). Notes are end-to-end encrypted before leaving your device — the sync provider cannot read your content.
You have full control over your data at all times. No fine print, no exceptions.
Use VoxNotes in Privacy Mode forever. No signup required, no limits on notes or recordings.
Download every note as markdown, plain text, or PDF at any time. Your data is never locked in.
Delete your account and all associated data from our servers permanently. One click in settings.
Disable all anonymous usage tracking in the app settings. We'll still work perfectly — we just won't know you're here.
Ask us for a copy of all data we hold about you. We'll deliver it within 30 days.
Update your email, change your password, or correct any information tied to your account.
We take security seriously. Here's how we protect your data at every layer:
All data transmitted between your device and our servers (for Speed Mode and sync) is encrypted with TLS 1.3. No exceptions.
Synced notes are end-to-end encrypted before leaving your device using AES-256 encryption. Even if our servers were compromised, your content would remain unreadable.
Passwords are hashed using bcrypt with a high work factor. We never store passwords in plain text. We support and recommend strong, unique passwords.
We use trusted, audited infrastructure providers (AWS, Vercel, Cloudflare) with SOC 2 compliance. Access to production systems is restricted and logged.
In the unlikely event of a data breach, we will notify affected users within 72 hours with full details of what happened, what data was involved, and what steps we're taking.
VoxNotes is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data through an account, please contact us and we will delete it immediately.
If we make significant changes to this policy, we will notify you via email (if you have an account) and display a notice in the app. Minor wording clarifications may be made without notification, but the substance of our commitments will not change without clear communication.
This policy's revision history is publicly available on our GitHub repository so you can see exactly what changed and when.
Questions about this policy? Concerns about your data? Requests for export or deletion? We're real people and we respond to every message.