Privacy Policy

Summary

• MimicScribe performs all speech recognition on-device using Apple's CoreML framework. Your audio never leaves your Mac.
• When you use AI features, transcribed text is sent to Google's Gemini API through a proxy server we operate. Unlimited subscribers can optionally use their own Gemini API key, sending data directly to Google and bypassing our servers entirely. Audio is never sent.
• No account or login is required — your usage is never tied to your identity.
• Analytics and crash reporting can be enabled during onboarding and toggled at any time in Settings.
• We are compliant with CCPA and GDPR.
• You can enable Local Mode for any meeting to keep all data on-device — no cloud processing of any kind.
• You are responsible for obtaining consent from meeting participants where required by law.

What We Do Not Collect

• We do not require an account, login, or email address. Your usage is never linked to your identity.
• We do not upload, stream, or transmit your audio recordings.
• We do not log keystrokes.
• We do not use advertising networks or cross-site tracking.
• We do not sell your data to any third party.
• We do not fingerprint your device. The only device-derived value is a one-way hash of your hardware UUID, used solely for free-tier rate limiting on our proxy. It cannot be reversed to identify your Mac.

How Your Data Flows

This diagram shows exactly what stays on your Mac and what reaches the cloud when you use AI features:

Temporary WAV files used during processing are deleted when the meeting ends. You can opt to save meeting recordings in Settings — saved audio is stored locally and never transmitted. If you enable Local Mode for a meeting, nothing below the dashed line happens — the entire flow stays on your Mac.

Data Processed On-Device

The following data is created and stored exclusively on your Mac and is never transmitted to any server:

• Audio recordings (stored in ~/Documents/MimicScribe/Recordings/)
• Voice embeddings for speaker recognition — short numerical fingerprints derived from each speaker's voice during a meeting, used to distinguish who is speaking. Created during recording and stored only in your local database.
• Speaker profiles and diarization data
• Search indexes — numerical representations of your meeting content used for search and reference document retrieval. Generated on-device and never transmitted.
• App settings and preferences (stored separately in ~/Library/Preferences/)

Database stored in: ~/Library/Application Support/app.mimicscribe/

Data Sent to External Services

Certain features require communication with external services. By default, API traffic is routed through a proxy server we operate on Cloudflare Workers (mimicscribe.app/api). The proxy is open source — you can inspect exactly how requests are handled. Unlimited subscribers can use their own Gemini API key to bypass the proxy entirely — see Bring Your Own Key below. In all cases, only the minimum necessary data is transmitted:

• Gemini API (Google) — via our proxy: When you use AI features (summaries, speaker attribution, meeting assistant, transform mode, text refinement), the relevant transcribed text is sent to Google's Gemini API through our Cloudflare Worker proxy. Audio is never sent. Depending on the feature, the request may also include:
  • Your personal context and vocabulary list — included automatically when configured in Preferences
  • Meeting attendee names and email addresses — included only when you have granted calendar access and a matching calendar event is found
  • Relevant sections of reference documents — included only when you have added context sources in Settings and the content matches the current conversation
  • Selected text from the active application — sent only when you use voice editing (transform mode) on highlighted text
  • Clipboard text — sent only when you explicitly say "clipboard" or "pasteboard" in a voice instruction

  Our proxy strips all identity headers before forwarding requests to Google — Google does not receive your device identifier or license key.

• Device identifier: Free users are identified by a one-way SHA-256 hash of the hardware UUID. This hash is used solely for rate limiting and free-tier usage tracking on our proxy. It is not shared with Google or any other third party.
• Usage reporting: For Unlimited subscribers, aggregate token usage (token counts, feature name, model, and billing period — no transcript content) is reported to our server periodically for billing purposes.
• License validation: Subscription license keys are validated against our server on app launch and periodically. No personal data beyond the license key is sent. Billing and checkout are handled by Stripe.
• App Updates (Sparkle): MimicScribe checks for updates daily using the Sparkle framework. The update request includes a standard User-Agent header containing the app version, macOS version, and system locale. Your IP address may be logged by the update server.
• Analytics (opt-in): During onboarding, you are given the option to enable anonymous analytics (the toggle defaults to on, and is automatically turned off if you choose Local Mode). When enabled, anonymous events fall into three categories: activity (which features you use and when), reliability (model load failures, recording errors, API errors), and adoption (initial choices like provider, template, and whether you use optional features such as bring-your-own-key). Each event includes the event name, app version, OS version, an anonymous one-way hash of your hardware identifier, and a timestamp — never your transcripts, file names, or other user content. Reliability events carry only error type names and categorical codes (for example, an HTTP status code or an error class name) — never error messages or stack traces. The device hash uses a different salt than the billing identifier, so the two cannot be correlated. Analytics can be disabled at any time in Settings. Data is sent to our own server, not a third-party analytics service, and is automatically deleted after 90 days. The categories above are an upper bound on what we collect; future versions may add new events within these categories to better understand how the product is used, but will never include user content.
• Crash diagnostics (opt-in): When enabled, the app collects two kinds of stability data: anonymous crash and hang reports delivered by Apple's MetricKit framework the day after they occur, and — on the next launch following an unhandled exception — a one-shot envelope containing the exception name and the top stack frames (function names + offsets). We deliberately do not capture exception reason strings, since Cocoa runtime exceptions can embed object descriptions that may include user content. No transcripts, file paths, or user content are included. Crash diagnostics can be disabled at any time in Settings and are automatically deleted after 90 days.
• Pre-consent buffering: Analytics or crash diagnostics that occur before you reach the privacy screen during onboarding (for example, a model download failure on first launch) are held in a local file on your machine and never transmitted. When you finish onboarding, your choices are honored: enabled categories flush their local buffer to our server; disabled categories delete their buffer without sending anything. If you decline both, no data leaves your Mac.
• Model downloads: On first launch, speech recognition models (~600 MB) are downloaded from a remote server and cached locally. No personal data is sent during the download.

Local Mode

When Local Mode is enabled for a meeting, no transcript text, metadata, or any other data is transmitted to external services for that meeting. Speech recognition and speaker separation run entirely on-device using CoreML. AI features that require cloud processing — including summaries, speaker naming, action items, and the meeting assistant — are unavailable for that meeting. You can choose to process the meeting with AI later by disabling Local Mode for that meeting after it ends.

Local Mode applies to that meeting's content. Anonymous activity counters with no meeting content (for example, that a meeting completed and its rough duration) may still be sent if you have analytics enabled in Settings — these never include the meeting's transcript, audio, title, or participants. To suppress all outbound traffic completely, also disable analytics and crash diagnostics in Settings.

You can verify the absence of cloud traffic at any time using the built-in nettop and lsof commands. See Network Activity for the full inventory of endpoints and step-by-step verification.

Bring Your Own Key

Unlimited subscribers can enter their own Gemini API key in Settings → Subscription. When a key is active:

• Transcript text is sent directly to Google's Gemini API — it never passes through our proxy or any server we operate.
• No device identifier, license key, or other identity information is included in the request. The only credential sent is your API key.
• Usage is still tracked locally on your device for your own reference, but no usage data is reported to our servers for Gemini requests.

The key is validated with a lightweight API call before it is saved. You can remove it at any time in Settings to return to the default proxy path.

BYOK affects only transcript text. If you have analytics or crash diagnostics enabled in Settings, those events continue to be sent to our server independent of your API key choice. To minimize all contact with our infrastructure, also disable analytics and crash diagnostics in Settings.

Device Permissions

MimicScribe requests the following macOS permissions to function:

• Microphone: Used for speech-to-text transcription. Audio is processed entirely on-device.
• System Audio Recording: Captures audio from video calls during meeting recording. This is audio only — no screen content or video is captured. The audio is processed on-device and stored locally.
• Accessibility (optional): Used by voice editing features to read selected text in the active application and to paste results at the cursor. Not required for meeting recording. Accessibility data is read only at the moment you invoke a feature — no persistent observers are installed.
• Calendar (optional): When enabled in Settings, reads attendee names and meeting titles from your calendar to provide context for meeting summaries. Disabled by default — no calendar data is accessed unless you explicitly turn this on.

Clipboard (voice editing only): When you use voice editing to insert or replace text, MimicScribe briefly snapshots and restores the clipboard to paste the result at your cursor. If you explicitly say "clipboard" or "pasteboard" in a voice instruction, the clipboard text is read and included in the AI request. Images on the clipboard are never read or sent. The clipboard is never accessed during meeting recording or at any other time.

Recording Consent

MimicScribe can record system audio and microphone input during meetings. Recording laws vary by jurisdiction — some require consent from all participants, others require consent from only one party.

You are solely responsible for obtaining any required consent from meeting participants before recording. This includes complying with federal, state, and local wiretapping and eavesdropping laws that apply to your situation.

MimicScribe does not notify meeting participants that a recording is in progress. If you are unsure whether consent is required, we recommend informing all participants before you begin recording.

Data Retention & Your Rights

All on-device data — including audio recordings, transcriptions, meeting records, and speaker profiles — is stored locally and remains entirely under your control. You can delete individual records from within the app or remove all data at once by deleting:

• ~/Library/Application Support/app.mimicscribe/ (database and app data)
• ~/Documents/MimicScribe/ (audio recordings)

Because your data lives on your device, no data access request to us is necessary — you already have it.

Regulatory Rights (GDPR & CCPA)

Because nearly all your data lives on your device, most privacy rights are satisfied by default — you can access, export, correct, or delete your data at any time without contacting us.

For the limited data that passes through our servers (transcript text sent to Gemini via our proxy — or directly to Google if using Bring Your Own Key — and aggregate usage counts for billing):

• We do not sell or share personal information for advertising.
• Our proxy does not log transcript content. Requests are forwarded to Google with identity headers stripped, then discarded.
• We process data based on your consent (analytics) and legitimate interest (providing the service). On-device processing does not involve the transfer of personal data to us.
• When AI features send text to Google's Gemini API, data is processed statelessly and is not used to train Google's models, in accordance with their API terms of service. No audio or voice data is transferred outside your device.

To exercise any regulatory rights or ask questions, contact us at legal@mimicscribe.app.

Third-Party Services

The following third-party services may process data on our behalf:

Cookies

This website uses only the following cookies:

• Feedback session: anonymous session identifier for the feedback board (so your vote or post can be attributed back to you on the same device without creating an account).
• Admin authentication: set only if you log in as an admin on the feedback board.
• Affiliate referral (PromoteKit): if you arrived via an affiliate link (a URL containing ?via=), a first-party cookie stores the referrer's ID so they receive commission if you subsequently subscribe. The cookie contains no personal information and expires after 60 days. Blocking it has no effect on your ability to use the site; only affiliate attribution is lost.

We do not use analytics, advertising, or cross-site tracking cookies.

Contact

Questions about this policy? Email us at legal@mimicscribe.app.