AsPeach ("we", "our", or "us"), operated by AsPeach (contact@aspeach.com), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our desktop application and website (collectively, the "Service").

By using AsPeach, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Core Privacy Principle — Local-First Architecture

AsPeach is designed with privacy as its foundation. All voice-to-text transcription is processed 100% locally on your device by default.

Your audio recordings are never transmitted to our servers or any third-party servers.
All speech recognition is performed using the open-source Whisper AI model (developed by OpenAI, licensed under MIT) running entirely on your hardware.
No audio data, transcription content, or dictation history leaves your machine during the transcription process.
The application works fully offline — no internet connection is required for core transcription functionality.
We cannot access, read, or recover your transcriptions because they never leave your device.

1.1 Cloud AI Providers (Optional, BYOK)

AsPeach supports optional cloud-based AI features using a "Bring Your Own Key" (BYOK) model. If you choose to configure a cloud AI provider (such as Groq, OpenAI, or Anthropic), your transcription text may be sent to that provider's API for processing (e.g., AI-assisted text refinement, chat, or custom prompts). This only occurs when you explicitly configure and use a cloud provider with your own API key.

Local AI (Ollama): When using a local AI provider such as Ollama, all AI processing remains on your device. No text is sent to any external service.
Cloud AI (Groq, OpenAI, Anthropic): When using a cloud AI provider, transcription text and prompts are sent to that provider's servers for processing. Your API key is stored locally on your device using your operating system's secure credential storage (e.g., macOS Keychain). We never receive or store your API keys on our servers.
Please refer to Groq's Privacy Policy, OpenAI's Privacy Policy, and Anthropic's Privacy Policy for details on how they handle data sent to their APIs.

1.2 Smart Transcription — Speaker Profiles (Optional, Local-Only)

AsPeach offers an optional Smart Transcription feature that creates speaker profiles to improve transcription accuracy by distinguishing between different speakers. This feature:

Creates numerical signatures (approximately 1KB per speaker) — not audio recordings. These signatures cannot be reversed to reconstruct anyone's voice.
Stores all speaker profiles exclusively on your local device — they are never uploaded to our servers or any third party.
Requires explicit opt-in — this feature is disabled by default and requires your consent to enable.
Can be deleted at any time — you can delete individual speaker profiles or all profiles from the app settings.
Speaker profiles are used solely to improve the accuracy of speaker attribution in your transcriptions. You are responsible for informing other participants if you use this feature during shared conversations.

1.2.1 Voice Recognition — User Voice Filtering (Optional, Local-Only)

AsPeach offers a separate optional Voice Recognition feature that learns your voice specifically, so the assistant can filter out background speech (TV, YouTube, podcasts, people nearby) and respond only to commands spoken by you. This feature is distinct from Smart Transcription (which attributes speech to multiple participants in a meeting). Voice Recognition:

Extracts a simplified numerical fingerprint from audio you record through AsPeach — based on voice features such as energy envelope, zero-crossing rate, and spectral centroid. This fingerprint is not an audio recording and cannot be reversed to reconstruct your voice.
Is stored exclusively on the device that created it, in AsPeach's local application data folder. The fingerprint is never uploaded, synced, or shared with AsPeach servers, third parties, or any other device — including other devices owned by you. If you use AsPeach on multiple devices, each device builds its own independent local fingerprint.
Is encrypted at rest using OS-level credential storage when available (macOS Keychain via Electron safeStorage, Windows DPAPI via Electron safeStorage). The encryption key is managed by your operating system and tied to your user account; AsPeach itself never sees the key material. On systems where OS-level credential storage is unavailable (for example, some Linux configurations without a keyring service), the fingerprint falls back to a plaintext file protected only by standard filesystem permissions. Your consent history record is encrypted at rest under the same scheme.
Requires explicit, affirmative consent before any data is extracted. When you enable the feature, a consent dialog presents each material disclosure as a separate checkbox. You must tick every required box individually, and the Grant Consent button remains disabled until a minimum read interval has elapsed. This flow is designed to ensure that consent cannot be granted accidentally.
Creates a local, tamper-evident consent record each time you grant or revoke consent. The record includes a timestamp, the duration the consent dialog was visible, the verbatim disclosure text you saw, which checkboxes you ticked, the feature name, the app version, and the platform. This record is stored on your device (never uploaded) and is available for your review via Account → Voice Recognition → View Consent History. Its purpose is to document your explicit choice and to support your rights of access and revocation under applicable privacy laws.
Builds the fingerprint incrementally from your normal recordings once enabled — each successful transcription session contributes one sample. A minimum number of samples must accumulate before the filter becomes active. AsPeach applies an automatic contamination check that rejects samples in which the audio appears to contain multiple distinct speakers, so background speech does not poison the profile.
Can be deleted at any time, from Account → Voice Recognition → Delete Voice Profile. Deletion is immediate: the fingerprint is removed from disk, the feature is disabled, and a revocation event is added to the local consent record. Uninstalling AsPeach also removes the fingerprint along with all other local data.
Is biometric data under certain privacy laws (including the European Union's GDPR Article 9 "special category" data and the Illinois Biometric Information Privacy Act). Because the fingerprint is extracted, stored, processed, and deleted entirely on your local device and is never received by AsPeach or any third party, AsPeach is not a "processor" or "possessor" of this data within the meaning of those laws. No fingerprint data is ever transmitted, and no server-side processing of voice biometric data occurs.

1.2.2 Speaker Attribution in Recordings (Ephemeral, Local-Only)

When Voice Recognition (§1.2.1) is enabled, AsPeach can distinguish between your voice and other voices captured by your microphone during a recording, so the resulting transcript can label non-user segments as "Other 1", "Other 2", etc. This is a purely in-memory, per-recording labelling feature. It exists to help you read back a recording and know which parts were yours and which weren't.

Ephemeral by default. Clustering of non-user voices happens entirely in your computer's RAM, within the lifetime of a single recording. At the start of every new recording the cluster list is wiped, so "Other 1" in today's recording is not the same person as "Other 1" in yesterday's. There is no cross-recording identity for non-user voices.
No third-party fingerprint is ever written to disk when speaker attribution is running in its default ephemeral mode. The on-disk voice profile stored in AsPeach's application data folder contains only your own voiceprint (see §1.2.1). Any cluster data about non-user voices is held only in process memory and is garbage-collected at the end of the recording, alongside the process itself on app quit.
No third-party fingerprint is ever uploaded, synced, or transmitted. As with your own voiceprint, non-user cluster data never leaves the device. It does not reach AsPeach servers and is not shared with any third party.
No separate consent is required beyond Voice Recognition itself. Because nothing about non-user voices is retained, AsPeach is not collecting, capturing, storing, or possessing biometric identifiers of third parties within the meaning of biometric-privacy laws that turn on retention (including the European Union's GDPR Article 9 and the Illinois Biometric Information Privacy Act). Your own Voice Recognition consent covers the use of the existing voiceprint to distinguish you from everyone else during a recording.
You remain responsible for the underlying recording. AsPeach is a recording tool; the operation of the tool and the choice of what to record is yours. In some jurisdictions, recording a conversation requires the knowledge or consent of all participants, regardless of whether any biometric data is stored. You are responsible for complying with the recording-consent, workplace, and data-protection laws of your jurisdiction.
Speaker attribution currently runs only on your own recordings — dictation captured through your microphone on this device. A future "meeting bot" feature may run the same underlying clustering engine in a persistent mode for meetings where AsPeach joins as a visible participant (for example via Zoom, Google Meet, or Microsoft Teams). Persistent-mode behaviour, and any storage of non-user biometric identifiers that comes with it, will be disclosed separately in an updated version of this policy when that feature ships, and will be gated by its own platform-aware consent flow. Persistent mode is not enabled or exposed in the current version of AsPeach.

1.3 End-to-End Encryption

All data synced to our servers (Pro+ subscribers) is protected by end-to-end encryption (E2E):

Data is encrypted on your device using AES-256-GCM before it leaves your machine.
Your encryption key is derived from a PIN that only you know. The key is protected by your operating system's secure credential storage (macOS Keychain / Windows Credential Manager).
An encrypted backup of your key is stored on our server to support cross-device sync. This backup can only be decrypted with your PIN — AsPeach cannot access it.
If you forget your PIN, your encrypted data cannot be recovered. This is by design — it ensures that no one, including AsPeach, can access your data without your authorization.
AsPeach employees, systems, and infrastructure cannot read, access, or process your encrypted content under any circumstances.

2. System Permissions

AsPeach requests the following system permissions to function:

Microphone Access: Required to capture your voice for transcription. Audio is processed locally and immediately discarded after transcription. We do not record, store, or transmit audio files.
Accessibility Permissions (macOS): Required to detect the active application (for context-aware features) and to paste transcribed text. We do not log, monitor, or transmit information about your application usage.
Keyboard Input Simulation: Required to paste transcribed text at your cursor position. We do not capture, log, or monitor your keystrokes.
Screen Capture (macOS, optional): If enabled, allows AsPeach to read on-screen content to provide context-aware voice commands. Screen data is processed locally and is never transmitted, stored, or logged. This permission is optional and the feature only activates when you explicitly use it.

These permissions are used solely to provide the core dictation functionality and are never used for surveillance, data collection, or any purpose beyond the immediate features you are using.

3. Information We Collect

3.1 Information You Provide

Account Information: If you sign in using a third-party authentication provider (such as Google, GitHub, X (Twitter), Microsoft, Email (passwordless magic link), and other providers through Firebase Authentication) to access Pro features, we receive your email address, display name, and profile picture from that provider. We do not receive or store your password.
Payment Information: Payments are processed by Lemon Squeezy, our third-party payment processor. We do not directly collect or store credit card numbers, bank account details, or other financial information. Please refer to Lemon Squeezy's Privacy Policy for details on how they handle payment data.
Support Communications: If you contact us for support, we may retain your email address and correspondence to resolve your issue.
Feedback and Bug Reports: If you submit feedback or a bug report through the in-app feedback system, we collect your email address (if provided), platform (macOS/Windows), app version, and the content of your message. This information is used solely to address your feedback or diagnose reported issues.
Cloud Sync (Pro, Opt-In): If you are a Pro subscriber and explicitly enable Cloud Sync, the following data may be synced to our servers: dictionary entries, text snippets, custom prompts, transcription history (including the name of the application you were using at the time of each transcription), AI chat history, and app settings. Cloud Sync requires your explicit consent via an in-app toggle and can be disabled at any time. When disabled, your synced data is deleted from our servers. Your core dictation and transcription processing always remain 100% local regardless of Cloud Sync status.
Unleash Mode / Smart Transcription (Pro+, Opt-In): If you enable Unleash mode, AsPeach may process meeting content including attributed transcriptions (who said what), extracted insights, promises, and session summaries. This data is synced to our servers using end-to-end encryption — encrypted on your device before transmission. AsPeach cannot read, access, or decrypt this data. Only you hold the decryption key, protected by a PIN you set during setup. If you forget your PIN, encrypted server data cannot be recovered.
Meeting Content About Third Parties: When Unleash mode is active during meetings, AsPeach processes and attributes spoken content to meeting participants. You are solely responsible for informing other meeting participants that content may be transcribed and processed. Attributed content is stored in encrypted form as described above.
Multi-Device Remote Control: AsPeach allows you to send commands to your Mac from a mobile app or web browser. When using this feature: (a) command text is transmitted via our relay server to route it to your paired Mac — the server does not store command content beyond the delivery window (maximum 24 hours for offline queue, then automatically deleted); (b) device pairing uses one-time codes (60-second expiry) and does not require sharing personal data; (c) your Mac executes commands locally — results are routed back through the relay and not stored; (d) device session information (device name, type, capabilities, active status) is stored as part of your session data for device management purposes.

3.2 Information Collected Automatically

Device Identifier: A cryptographically hashed machine identifier used solely for session management and device limits (one active device at a time). This identifier cannot be used to identify you personally or track you across services.
Usage Statistics: Aggregate, non-identifying usage data such as number of transcriptions performed, word counts, and recording duration (for free tier limits and feature usage tracking). This data does not include the content, language, or any substantive details of your transcriptions.
Country Code: When your device communicates with our servers (e.g., session heartbeat), we derive and store your two-letter country code (e.g., "US", "DE") from your IP address for aggregate geographic analytics. The country code cannot identify you personally and is used solely for anonymous usage analytics visible only to our team.
IP Addresses and User Agent: Your IP address and browser/app user agent string may be stored in limited circumstances as a legitimate interest: (a) as part of consent audit trails to maintain a verifiable record of your consent actions as required by applicable data protection laws, and (b) as part of automated fraud detection and abuse prevention (see Section 6). This data is not used for analytics, advertising, or any purpose beyond its stated use.
Website Analytics: When visiting aspeach.com, we use PostHog for analytics, which may collect standard web analytics data (pages visited, referral source, browser type, session recordings). PostHog analytics, including session recording, only activates after you provide cookie consent. Session recordings automatically mask password fields and sensitive form inputs. See our Cookie Policy for details.
Error Reports: If the application crashes, we may receive anonymized crash reports to help improve stability. These reports do not contain transcription content or personal data.

3.3 Information We Do NOT Collect

We want to be absolutely clear about what we do NOT collect:

Audio recordings, voice samples, or any sound data — audio is processed locally and immediately discarded
Transcription content in readable form on our servers — all synced content is end-to-end encrypted and unreadable by AsPeach
Keystrokes, passwords, or typed input
Screen content, screenshots, or display information
Contents of other applications on your device
Browsing history or search queries
Precise location data or GPS coordinates (we only store a two-letter country code for anonymous analytics; IP addresses are stored only for consent audit trails and fraud prevention as described in Sections 3.2 and 6)
Contacts, calendar, photos, or personal files
Clipboard content
Health or medical information

4. How We Use Your Information

Authentication: To verify your identity and manage your account session.
Service Delivery: To provide Pro features, validate your subscription status, and deliver Cloud Sync and other services you opt into.
Device Management: To enforce the one-active-device-at-a-time policy for your account security and to prevent unauthorized sharing.
Usage Limits: To track transcription counts for the free tier (rolling 5-hour window).
Communication: To send critical service-related notices (e.g., subscription changes, security alerts, major updates). We do not send marketing emails or newsletters without your explicit consent.
Improvement: To analyze aggregate, anonymous usage patterns (including country-level geographic distribution) to improve the Service. We never access individual user content for analytics.
Security: To detect, prevent, and respond to fraud, abuse, or security incidents.

5. Data Sharing and Disclosure

We do not sell, rent, trade, or monetize your personal information in any way. We may share data only in these limited circumstances:

Service Providers: Firebase Authentication (Google and other OAuth providers), Lemon Squeezy (payments), MongoDB Atlas (database hosting), Vercel (website hosting), PostHog (website analytics and session recording), Resend (operational email delivery). These providers process data only as necessary to provide their services to us, under contractual obligations to protect your data and prohibitions against using it for their own purposes.
Cloud AI Providers (Your Choice): If you choose to configure a cloud AI provider (Groq, OpenAI, Anthropic) using your own API key, your transcription text and prompts are sent directly from your device to that provider. We do not intermediate or store this data. Your relationship with these providers is governed by their respective privacy policies and your API key agreement with them.
Legal Requirements: If required by law, subpoena, court order, or governmental request. We will notify you of such requests when legally permitted to do so.
Protection of Rights: If necessary to protect the rights, property, or safety of AsPeach, our users, or the public.
Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets, in which case your data would remain subject to this Privacy Policy and the acquiring entity would be bound by its terms.
With Your Consent: In any other circumstance, only with your explicit, informed consent.

6. Data Security

We implement industry-standard security measures to protect your data:

Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2 or higher.
Encryption at Rest: Account data stored on our servers is encrypted.
Secure Authentication: We use OAuth 2.0 via Firebase Authentication (including Google and other supported providers) for secure sign-in without handling your password.
Access Controls: Access to user data is strictly limited to authorized personnel on a need-to-know basis.
Regular Audits: We regularly review our security practices and update them as needed.
Automated Fraud Detection: We employ automated systems to detect and prevent abuse, unauthorized access, and fraudulent activity. These systems may log device identifiers, IP addresses, and usage patterns when suspicious activity is detected. This data is used solely for security purposes and is retained only as long as necessary to investigate and resolve incidents.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security against all threats.

7. Data Retention

Account Data: Retained for as long as your account is active. Upon deletion request, all account data is permanently and irreversibly deleted within 30 days. Consent audit logs are anonymized rather than deleted (user ID, IP address, and user agent are replaced with non-identifying placeholders) to maintain legally required records of consent actions while removing all personally identifiable information.
Cloud Sync Data: If you enable Cloud Sync (Pro feature), synced data (dictionary, snippets, history, custom prompts, AI chat history, settings) is retained while your account is active and Cloud Sync is enabled. When you disable Cloud Sync, your synced history and AI chat data are deleted immediately from our servers. All synced data is deleted within 30 days after account deletion.
Usage Statistics: Aggregate, anonymized statistics that cannot be linked to individuals may be retained indefinitely for service improvement.
On-Device Data: All data stored on your device (transcriptions, dictionaries, settings) is under your sole control. This data is never transmitted to our servers and remains on your device until you choose to delete it. If you uninstall the application, you should manually delete the application data folder if you want to remove all traces.
Backups: Server backups may retain deleted data for up to 90 days for disaster recovery purposes, after which they are permanently purged.

8. Your Rights

Regardless of your location, we provide all users with the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate personal data.
Deletion: Request deletion of your personal data and account.
Portability: Request your data in a portable, machine-readable format (JSON).
Objection: Object to the processing of your personal data for certain purposes.
Restriction: Request restriction of processing of your personal data.
Withdraw Consent: Withdraw consent at any time where we rely on consent for processing.

To exercise these rights, you can use the self-service options built into the AsPeach app (Account tab → Export My Data or Delete Account), or contact us at privacy@aspeach.com. We will respond to all requests within 30 days. There is no fee to exercise your rights.

9. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis: We process your data based on: (a) your consent, (b) performance of a contract (providing the Service you requested), (c) compliance with legal obligations, (d) legitimate interests (improving the Service, preventing fraud, ensuring security) where those interests are not overridden by your rights.
Data Controller: AsPeach (contact@aspeach.com) is the data controller responsible for your personal data.
Data Protection Contact: For GDPR inquiries, contact privacy@aspeach.com or contact@aspeach.com.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your rights.
International Transfers: Your data may be transferred to and processed in countries outside the EEA (including the United States). We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

10. CCPA/CPRA Compliance (California Users)

If you are a California resident, under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) you have the right to:

Know: What personal information is collected, used, shared, or sold.
Delete: Request deletion of your personal information.
Opt-Out: Opt out of the sale or sharing of personal information. We do not sell or share your personal information for targeted advertising.
Correct: Request correction of inaccurate personal information.
Non-Discrimination: Not be discriminated against for exercising your privacy rights.
Limit Use: Limit the use of sensitive personal information. We do not collect sensitive personal information as defined by CPRA.

To exercise your California privacy rights, email privacy@aspeach.com with the subject line "California Privacy Request." We will verify your identity before processing your request.

11. Children's Privacy (COPPA)

AsPeach is not intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@aspeach.com. If we discover that we have inadvertently collected personal information from a child, we will delete it promptly.

12. Do Not Track

Some browsers have a "Do Not Track" feature. Our website currently does not respond to DNT signals. However, as stated throughout this policy, we do not track users across third-party websites and do not engage in behavioral advertising.

13. Open Source Components

AsPeach uses the open-source Whisper AI model developed by OpenAI (licensed under the MIT License) for core transcription. This model runs locally on your device. Using open-source software does not mean your data is shared with the creators of that software — the model executes entirely on your hardware. AsPeach also supports optional local AI providers such as Ollama, which similarly run entirely on your device. For cloud AI providers configured by you (see Section 1.1), data handling is governed by those providers' respective policies.

14. Third-Party Links

The Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) posting the updated policy on this page, (b) updating the "Last updated" date, and (c) for significant changes, sending an email notification or displaying an in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy. If you disagree with any changes, you should stop using the Service and delete your account.

16. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, contact us at:

Email: privacy@aspeach.com
Support: support@aspeach.com
Website: aspeach.com

We take privacy concerns seriously and will respond to all inquiries within 30 days.