Privacy
This product holds the most sensitive content you will ever produce. The architecture is built around that fact rather than apologizing for it afterward.
How your words are kept
01
On your device
Your voice is encrypted before it leaves the browser, with a key derived from your vault passphrase. The plaintext audio never travels.
02
In transit and at rest
We receive ciphertext. The audio key is also wrapped under recovery codes only you hold, so no one here can play your recordings back.
03
When the model reads
Transcripts are decrypted briefly inside an isolated function to be processed, then that memory is wiped. Every such access is written to your audit log.
This is operational privacy, stated honestly: no one at the company can read your content in the ordinary course of operation, every access is logged where you can see it, and the full architecture is documented. It is not a claim that decryption is technically impossible for us; it is a claim about what we have built so that it does not happen.
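The key handling described in steps 01 and 02, as an added example that is not the product's own code. It assumes scrypt for key derivation, AES-256-GCM for both the audio and the key wrapping, and Node's crypto module standing in for the browser's Web Crypto API; every function and field name is hypothetical.

```javascript
// Added example, not the product's code. Assumptions: scrypt for key derivation,
// AES-256-GCM for the audio and for key wrapping; all names are hypothetical.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key-encryption key from a passphrase or a recovery code.
function deriveKek(secret, salt) {
  return nodeCrypto.scryptSync(secret, salt, 32);
}

// AES-256-GCM with a fresh 96-bit nonce per call.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws when the key is wrong or the ciphertext has been modified.
function unseal(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Client side: encrypt the audio under a random audio key, then wrap that key
// twice, once under the passphrase and once under a recovery code.
function encryptRecording(audio, passphrase, recoveryCode) {
  const audioKey = nodeCrypto.randomBytes(32);
  const wrap = (secret) => {
    const salt = nodeCrypto.randomBytes(16);
    return { salt, ...seal(deriveKek(secret, salt), audioKey) };
  };
  // Only this object is uploaded: ciphertext, nonces, salts and tags.
  return {
    audio: seal(audioKey, audio),
    byPassphrase: wrap(passphrase),
    byRecovery: wrap(recoveryCode),
  };
}

// Either secret unwraps the audio key through its own slot; any other value
// fails GCM authentication before any audio is decrypted.
function decryptRecording(record, slot, secret) {
  const wrapped = record[slot];
  const audioKey = unseal(deriveKek(secret, wrapped.salt), wrapped);
  return unseal(audioKey, record.audio);
}
```

The uploaded record holds nothing that lets the server derive either wrapping key, which is why a forgotten passphrase leaves the recovery-code slot as the only way back to the audio.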
What we cannot do, and what we will not
Your audio is encrypted on your device under your vault passphrase and wrapped again under recovery codes only you hold. No one here can play it back. Your vault passphrase cannot be reset by us; if you forget it, your printed recovery codes are the only way back to your audio, and we say so plainly before you ever rely on it. Transcripts and the writing built from them are encrypted at rest and processed only briefly, in isolation, with every access written to an audit log you can read. Nothing you produce is sold, shared, or used to train anything.
Any access to your data by a person at the company requires the documented break-glass procedure: a written request from you, approval by two officers, an audit entry stating the reason, a token that expires within a day, and an email to you. There is no quiet path around this.
Subprocessors
The services that process data on our behalf. This list is kept current.
- Supabase: Primary database and authentication, US-East region
- Vercel: Application hosting
- Anthropic: AI processing of decrypted content, under an executed BAA
- Deepgram: Speech to text for your recordings
- ElevenLabs: Voice synthesis, used only in legacy and letter features
- Amazon Web Services: Key management (KMS) for envelope encryption
- Stripe: Subscription billing
- Resend: Transactional email
- Cloudflare: Network protection and rate limiting
- Sentry: Error monitoring, with personal data scrubbed before it is sent
Reporting a vulnerability
If you have found a security issue, our contact and policy are published at /.well-known/security.txt. We will acknowledge your report and keep you informed.