Privacy Policy

Summary

• MimicScribe performs all speech recognition on-device using Apple's CoreML framework. Your audio never leaves your Mac.
• When you use AI features, transcribed text is sent to Google's Gemini API through a proxy server we operate. Audio is never sent.
• No account or login is required — your usage is never tied to your identity.
• Analytics and crash reporting can be enabled during onboarding and toggled at any time in Settings.
• We are compliant with CCPA and GDPR.

Data Processed On-Device

The following data is created and stored exclusively on your Mac and is never transmitted to any server:

• Audio recordings (stored in ~/Documents/MimicScribe/Recordings/)
• Voice embeddings used for speaker recognition
• Speaker profiles and diarization data
• Search indexes and semantic embeddings
• App settings and preferences (stored separately in ~/Library/Preferences/)

Database stored in: ~/Library/Application Support/app.mimicscribe/

Data Sent to External Services

Certain features require communication with external services. All API traffic is routed through a proxy server we operate on Cloudflare Workers (mimicscribe.app/api). In all cases, only the minimum necessary data is transmitted:

• Gemini API (Google) — via our proxy: When you use AI features such as text refinement, meeting summaries, speaker attribution, the meeting assistant, or instruction mode, the relevant transcribed text is sent to Google's Gemini API through our Cloudflare Worker proxy. Audio is never sent. In instruction mode, clipboard images may also be sent if you ask the assistant to analyze an image. Our proxy strips all identity headers before forwarding requests to Google — Google does not receive your device identifier or license key.
• Device identifier: Free users are identified by a one-way SHA-256 hash of the hardware UUID. This hash is used solely for rate limiting and free-tier usage tracking on our proxy. It is not shared with Google or any other third party.
• Usage reporting: For Pro subscribers, aggregate token usage (token counts, feature name, model, and billing period — no transcript content) is reported to our server every 15 minutes for billing purposes.
• License validation (Polar): Subscription license keys are validated against our server on app launch and periodically. No personal data beyond the license key is sent. Billing and checkout are handled by Polar.
• App Updates (Sparkle): MimicScribe checks for updates daily using the Sparkle framework. The update request includes a standard User-Agent header containing the app version, macOS version, and system locale. Your IP address may be logged by the update server.
• Analytics (opt-in): During onboarding, you are given the option to enable anonymous analytics (the toggle defaults to on). When enabled, we collect the event name, app version, OS version, and timestamp — no device ID, no user content. Analytics can be disabled at any time in Settings. Data is sent to our own server, not a third-party analytics service.
• Model downloads: On first launch, speech recognition models (~600 MB) are downloaded from a remote server and cached locally. No personal data is sent during the download.

What We Do Not Collect

• We do not require an account, login, or email address. Your usage is never linked to your identity.
• We do not upload, stream, or transmit your audio recordings.
• We do not log keystrokes.
• We do not use advertising networks or cross-site tracking.
• We do not sell your data to any third party.
• We do not create persistent device fingerprints beyond the hashed device identifier used for rate limiting.

Device Permissions

MimicScribe requests the following macOS permissions to function:

• Microphone: Used for speech-to-text transcription. Audio is processed entirely on-device.
• Accessibility: Used to read selected text in the active application (so the AI assistant can see what you've highlighted), to read window positions for overlay placement, and to detect browser URLs for automatic meeting detection. Accessibility data is read only at the moment you invoke a feature — no persistent observers are installed.
• Screen Recording (System Audio): Required by macOS to capture system audio during meeting recording. The captured audio is processed on-device and stored locally.

MimicScribe also interacts with the system clipboard: it temporarily snapshots and restores clipboard contents when pasting transcriptions, and may read clipboard images when you ask the AI assistant to analyze an image.

Third-Party Services

• Google Gemini API — AI text processing (accessed via our proxy)
• Polar — billing and subscription management
• Sparkle — automatic software updates
• Cloudflare — API proxy, website hosting, and CDN

Data Retention

All on-device data — including audio recordings, transcriptions, meeting records, and speaker profiles — is stored locally and remains entirely under your control. You can delete individual records from within the app or remove all data at once by deleting the ~/Library/Application Support/app.mimicscribe/ folder.

Your Rights

Because your data lives on your device, you have full control over it at all times. To permanently delete all MimicScribe data, uninstall the app and remove:

• ~/Library/Application Support/app.mimicscribe/
• ~/Documents/MimicScribe/ (audio recordings)

California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: You may request what personal information we collect, use, or disclose.
• Right to Delete: You may request deletion of your personal information. Since your data is stored locally on your device, you can delete it at any time without contacting us.
• Right to Opt Out: We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact us at legal@mimicscribe.app.

General Data Protection Regulation (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under the GDPR:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate personal data.
• Right to Erasure: You may request deletion of your personal data. Since data is stored locally, you can delete it directly from your device.
• Right to Data Portability: Your data is stored in standard formats on your device and is fully portable.
• Right to Object: You may object to processing of your personal data at any time.
• Right to Restrict Processing: You may request restriction of processing your personal data.

Legal Basis for Processing: We process data based on your consent (analytics) and legitimate interest (providing the service you requested). On-device processing does not involve the transfer of personal data to us.

Data Transfers: When you use AI features, text data is sent to Google's Gemini API through our Cloudflare Worker proxy. Our proxy strips identity headers before forwarding to Google. Google processes this data in accordance with their terms of service. No audio or voice data is transferred outside your device.

To exercise any of these rights, contact us at legal@mimicscribe.app.

Subprocessors

The following third-party services may process data on our behalf:

Cookies

This website uses functional cookies solely for the feedback board (anonymous session identity and admin authentication). We do not use analytics, advertising, or tracking cookies.

Contact

Questions about this policy? Email us at legal@mimicscribe.app.