Privacy & Security
Choose Your AI Provider
The built-in proxy is just the default. Send the text AI to your own Gemini key, a provider your company already approved, or a local model — Ollama, LM Studio.
Local Mode
Go offline at setup or per meeting — transcription and speaker separation stay on your Mac, cloud AI pauses.
No Account Required
No login, no email, no account — your usage is never tied to your identity, and there's no stored copy to breach.
See Every Request
Settings → Network Log shows every request the app sends, live — what it was for and where it went.
Summary
- MimicScribe performs all speech recognition on-device using Apple's CoreML framework. Your audio never leaves your Mac.
- When you use AI features, transcribed text is sent to Google's Gemini API through a proxy server we operate. You can bypass our servers with your own Gemini API key, or route AI features to any OpenAI-compatible endpoint — including a local model on your own Mac, so text never leaves it. Audio is never sent.
- No account or login is required — your usage is never tied to your identity.
- Analytics and crash reporting can be enabled during onboarding and toggled at any time in Settings.
- A built-in Network Log (Settings → Network Log) shows every request the app sends, live — what it was for, where it went, and when.
- We are compliant with CCPA and GDPR.
- Every release is signed and notarized by Apple, and updates are cryptographically verified before they install — see Security below.
- You can enable Local Mode for any meeting to keep all data on-device — no cloud processing of any kind.
- You are responsible for obtaining consent from meeting participants where required by law.
What We Do Not Collect
- We do not require an account, login, or email address. Your usage is never linked to your identity.
- We do not upload, stream, or transmit your audio recordings.
- We do not log keystrokes.
- We do not use advertising networks or cross-site tracking.
- We do not sell your data to any third party.
- We do not fingerprint your device. The only device-derived value is a one-way hash of your hardware UUID, used solely for free-tier rate limiting on our proxy. It cannot be reversed to identify your Mac.
How Your Data Flows
This diagram shows exactly what stays on your Mac and what reaches the cloud when you use AI features:
Temporary WAV files used during processing are deleted when the meeting ends. You can opt to save meeting recordings in Settings — saved audio is stored locally and never transmitted. If you enable Local Mode for a meeting, nothing below the dashed line happens — the entire flow stays on your Mac.
Data Processed On-Device
The following data is created and stored exclusively on your Mac and is never transmitted to any server:
- Audio recordings (stored in
~/Documents/MimicScribe/Recordings/) - Voice embeddings for speaker recognition — short numerical fingerprints derived from each speaker's voice during a meeting, used to distinguish who is speaking. Created during recording and stored only in your local database.
- Speaker profiles and diarization data
- Search indexes — numerical representations of your meeting content used for search and reference document retrieval. Generated on-device and never transmitted.
- App settings and preferences (stored separately in
~/Library/Preferences/)
Database stored in: ~/Library/Application Support/app.mimicscribe/
Data Sent to External Services
Certain features require communication with external services. By
default, API traffic is routed through an open-source proxy we operate on Cloudflare Workers (mimicscribe.app/api). You can bypass the proxy entirely with your own Gemini API key or
your own OpenAI-compatible endpoint — see Bring Your Own Key or Model
below. In all cases, only the minimum necessary data is transmitted:
- Gemini API (Google) — via our proxy: When you use AI features (summaries, speaker attribution, meeting assistant,
transform mode, text refinement), the relevant transcribed text is sent
to Google's Gemini API through our Cloudflare Worker proxy. Audio is never
sent. Depending on the feature, the request may also include:
- Your personal context and vocabulary list — included automatically when configured in Preferences
- Relevant sections of reference documents — included only when you have added context sources in Settings and the content matches the current conversation
- Selected text from the active application — sent only when you use voice editing (transform mode) on highlighted text
- Clipboard text — sent only when you explicitly say "clipboard" or "pasteboard" in a voice instruction
Our proxy strips all identity headers before forwarding requests to Google — Google does not receive your device identifier or license key.
- Device identifier: Free users are identified by a one-way SHA-256 hash of the hardware UUID. This hash is used solely for rate limiting and free-tier usage tracking on our proxy. It is not shared with Google or any other third party.
- Usage reporting: For paid subscribers, aggregate token usage (token counts, feature name, model, and billing period — no transcript content) is reported to our server periodically for billing purposes.
- License validation: Subscription license keys are validated against our server on app launch and periodically. No personal data beyond the license key is sent. Billing and checkout are handled by Stripe.
- App Updates (Sparkle): MimicScribe checks for updates daily using the Sparkle framework. The update request includes a standard User-Agent header containing the app version, macOS version, and system locale. Your IP address may be logged by the update server.
- Analytics (opt-in): During onboarding, you are given the option to enable anonymous analytics (the toggle defaults to on, and is automatically turned off if you choose Local Mode). When enabled, anonymous events fall into three categories: activity (which features you use and when), reliability (model load failures, recording errors, API errors), and adoption (initial choices like provider, template, and whether you use optional features such as bring-your-own-key). Each event includes the event name, app version, OS version, an anonymous one-way hash of your hardware identifier, and a timestamp — never your transcripts, file names, or other user content. Reliability events carry only error type names and categorical codes (for example, an HTTP status code or an error class name) — never error messages or stack traces. The device hash uses a different salt than the billing identifier, so the two cannot be correlated. Analytics can be disabled at any time in Settings. Data is sent to our own server, not a third-party analytics service, and is automatically deleted after 90 days. The categories above are an upper bound: future versions may add events within them, but never user content.
- Crash diagnostics (opt-in): When enabled, the app collects two kinds of stability data: anonymous crash and hang reports delivered by Apple's MetricKit framework the day after they occur, and — on the next launch following an unhandled exception — a one-shot envelope containing the exception name and the top stack frames (function names + offsets). The envelope deliberately omits the exception reason string, since Cocoa runtime exceptions can embed object descriptions that may include user content. No transcripts, file paths, or user content are included. Crash diagnostics can be disabled at any time in Settings and are automatically deleted after 90 days.
- Pre-consent buffering: Analytics or crash diagnostics that occur before you reach the privacy screen during onboarding (for example, a model download failure on first launch) are held in a local file on your machine and never transmitted. When you finish onboarding, your choices are honored: enabled categories flush their local buffer to our server; disabled categories delete their buffer without sending anything. If you decline both, no data leaves your Mac.
- Model downloads: On first launch, speech recognition models (~600 MB) are downloaded from a remote server and cached locally. No personal data is sent during the download.
Local Mode
When Local Mode is enabled for a meeting (the toggle labeled "Offline" when you start a meeting), no transcript text, metadata, or any other data is transmitted to external services for that meeting. Speech recognition and speaker separation run entirely on-device using CoreML. AI features that require cloud processing — including summaries, speaker naming, action items, and the meeting assistant — are unavailable for that meeting. You can choose to process the meeting with AI later by disabling Local Mode for that meeting after it ends.
Local Mode applies to that meeting's content. Anonymous activity counters with no meeting content (for example, that a meeting completed and its rough duration) may still be sent if you have analytics enabled in Settings — these never include the meeting's transcript, audio, title, or participants. To suppress all outbound traffic completely, also disable analytics and crash diagnostics in Settings.
You can watch this happen. Settings → Network Log shows every
request the app sends, live — run a Local Mode meeting with it open
and no AI requests appear. For independent verification with macOS's
own nettop and lsof tools, and the full inventory of endpoints, see Network Activity.
Bring Your Own Key or Model
You can take our proxy out of the data path entirely, two ways.
Your own Gemini API key (Light and Unlimited plans, Settings → Subscription). When a key is active:
- Transcript text is sent directly to Google's Gemini API — it never passes through our proxy or any server we operate.
- No device identifier, license key, or other identity information is included in the request. The only credential sent is your API key.
- Usage is still tracked locally on your device for your own reference, but no usage data is reported to our servers for Gemini requests.
The key is validated with a lightweight API call before it is saved. You can remove it at any time in Settings to return to the default proxy path.
Your own OpenAI-compatible endpoint (any plan, including Free — the usual free-tier daily caps still apply). Point MimicScribe at a local runtime such as Ollama or LM Studio, or at any provider you choose. Transcript text for the affected AI features is sent to that endpoint instead of our proxy or Google. If the endpoint runs on your own machine, that text never leaves it — combined with on-device transcription, the entire pipeline stays on your Mac. You are responsible for the privacy and security of any endpoint you configure. See On-Device AI for the local-model walkthrough and Custom Endpoint for the full reference.
Both options affect only transcript text. If you have analytics or crash diagnostics enabled in Settings, those events continue to be sent to our server independent of your AI provider choice. To minimize all contact with our infrastructure, also disable analytics and crash diagnostics in Settings.
Security
Privacy is about what we collect. Security is about how the app, the update channel, and your data are protected. Here is how each layer works:
- Signed and notarized builds: Every release is signed with our Apple Developer ID and notarized by Apple before distribution. macOS verifies both before the app runs, so a modified copy will not launch.
- Verified updates: Updates are delivered through the Sparkle framework and signed with an EdDSA key that only we hold. The app checks each update's signature against a public key embedded in the app itself before installing — even a compromised update server cannot push a tampered build.
- A stateless, open-source proxy: The proxy that forwards AI requests to Google has no database and keeps no copies. It strips identity headers, forwards your text, returns the response, and discards everything. The full source is on GitHub — you do not have to take our word for it.
- A live network log: Settings → Network Log records every request the app sends — purpose,
destination, status, and timing, as it happens. Entries hold metadata
only, never request bodies or credentials, and clear when the app quits.
The two channels with their own networking (update checks and model downloads)
are disclosed in the pane's "Where this app connects" list.

- Encrypted transport: Every network call the app makes uses HTTPS (TLS). The complete list of endpoints and what each one carries is documented on the Network Activity page, along with instructions for inspecting the traffic yourself.
- Local data protection: Your transcripts, recordings, and database live in your macOS user account and are protected by your account's permissions. The database is not separately encrypted — FileVault, which is on by default on modern Macs, provides encryption at rest for everything on disk, including your MimicScribe data. If you share a Mac and have FileVault off, turn it on.
- Reporting a vulnerability: If you find a security issue, email security@mimicscribe.app. We read every report.
Device Permissions
MimicScribe requests the following macOS permissions to function:
- Microphone: Used for speech-to-text transcription. Audio is processed entirely on-device.
- System Audio Recording: Captures audio from video calls during meeting recording. This is audio only — no screen content or video is captured. The audio is processed on-device and stored locally.
- Accessibility (optional): Used by voice editing features to read selected text in the active application and to paste results at the cursor. Not required for meeting recording. Selected text is read only at the moment you invoke a feature. While a recording is active, the app also watches window-focus changes to keep the recording indicator positioned — this reads window positions, not content. No accessibility observation runs outside an active recording.
Clipboard (voice editing only): At the start of a voice-editing recording, MimicScribe snapshots the clipboard so it can paste the result at your cursor and then restore what was there when the recording ends. Any text on the clipboard is read into memory at that moment, but it is included in the AI request only if you explicitly say "clipboard" or "pasteboard" in your instruction — otherwise it is discarded without being transmitted. Images on the clipboard are never read or sent. The clipboard is not accessed during meeting recording.
Recording Consent
MimicScribe can record system audio and microphone input during meetings. Recording laws vary by jurisdiction — some require consent from all participants, others require consent from only one party.
You are solely responsible for obtaining any required consent from meeting participants before recording. This includes complying with federal, state, and local wiretapping and eavesdropping laws that apply to your situation.
MimicScribe does not notify meeting participants that a recording is in progress. If you are unsure whether consent is required, we recommend informing all participants before you begin recording.
Data Retention & Your Rights
All on-device data — including audio recordings, transcriptions, meeting records, and speaker profiles — is stored locally and remains entirely under your control. You can delete individual records from within the app or remove all data at once by deleting:
~/Library/Application Support/app.mimicscribe/(database and app data)~/Documents/MimicScribe/(audio recordings)
Because your data lives on your device, no data access request to us is necessary — you already have it.
Regulatory Rights (GDPR & CCPA)
Because nearly all your data lives on your device, most privacy rights are satisfied by default — you can access, export, correct, or delete your data at any time without contacting us.
For the limited data that passes through our servers (transcript text sent to Gemini via our proxy — or directly to Google if using Bring Your Own Key — and aggregate usage counts for billing):
- We do not sell or share personal information for advertising.
- Our proxy does not log transcript content. Requests are forwarded to Google with identity headers stripped, then discarded.
- We process data based on your consent (analytics) and legitimate interest (providing the service). On-device processing does not involve the transfer of personal data to us.
- When AI features send text to Google's Gemini API, data is processed statelessly and is not used to train Google's models, in accordance with their API terms of service. No audio or voice data is transferred outside your device.
To exercise any regulatory rights or ask questions, contact us at legal@mimicscribe.app.
Third-Party Services
The following third-party services may process data on our behalf:
| Service | Purpose | Data Processed |
|---|---|---|
| Google Gemini | AI text processing | Transcribed text, selected text, clipboard text (per feature use; no audio or images). Processed statelessly; not used for model training. |
| Cloudflare | API proxy, hosting, CDN | API traffic (Gemini, billing, analytics); web request data. AI traffic bypasses Cloudflare when using your own API key or a custom endpoint. |
| Stripe | Billing & subscriptions | License key, payment and account information |
| Sparkle | App updates | IP address, User-Agent (app version, macOS version, locale) |
| PromoteKit | Affiliate attribution (website only) | Referral ID from ?via= URL parameter, set as a first-party
cookie on your browser so the affiliate who referred you is credited
if you subscribe. No personal information is collected by this script
— only the referral identifier and timestamp. |
Cookies
This website uses only the following cookies:
- Feedback session: anonymous session identifier for the feedback board (so your vote or post can be attributed back to you on the same device without creating an account).
- Admin authentication: set only if you log in as an admin on the feedback board.
- Affiliate referral (PromoteKit): if you arrived via an affiliate link (a URL containing
?via=), a first-party cookie stores the referrer's ID so they receive commission if you subsequently subscribe. The cookie contains no personal information and expires after 60 days. Blocking it has no effect on your ability to use the site; only affiliate attribution is lost.
We do not use analytics, advertising, or cross-site tracking cookies.
Contact
Questions about this policy? Email us at legal@mimicscribe.app.
Last updated: June 12, 2026