Where dictation apps keep your transcripts
Six apps audited for what they store, what they encrypt, and what you can turn off, as of July 12, 2026
Most dictation apps quietly keep a copy of everything you say. We audited six popular tools, open-source apps at the source-code level and closed apps from their own docs, for what is stored, whether it is encrypted at rest, and whether cloud upload can be fully switched off, as of July 12, 2026. Two store plaintext transcripts and audio of every dictation unconditionally; one has no local mode at all.
Updated
At a glance
Most answers to "is dictation software private" come from the vendors themselves. We went to the primary sources instead: the apps' own source code where it is public, and the vendors' own published documentation where it is not. This is what six popular dictation tools actually do with your words.
- What we checked
- Transcript storage, audio at rest, encryption, history-off controls, locks on stored history, cloud kill-switches, and the compliance claims each vendor makes.
- How we checked it
- Open-source apps at source-code level, with the commit pinned. Closed apps from their own published docs, quoted in good faith. Every cell is dated as of July 12, 2026.
- The headline finding
- Local is not the same as private. Two local apps store plaintext transcripts and unencrypted audio of every dictation, unconditionally. Locality answers the network question, not the at-rest question.
- Who this is for
- Anyone dictating things they would not paste into a public channel: client matters, patient notes, unreleased work, or just their own mail.
How we audited six dictation apps
We ran the audit on July 12, 2026, and every claim on this page is anchored to that date. For the three open-source apps, Handy, VoiceInk, and OpenWhispr, we read the source code itself and pinned the version: Handy at v0.9.2 (commit ea10f745), VoiceInk at v1.79 (commit cf0c366), and OpenWhispr at v1.7.5. For the two closed apps, Superwhisper and Wispr Flow, code was not available, so their cells summarize the vendors' own published documentation, fetched the same day. Whisperstream's column describes Lockdown Mode, audited under the same rules and written in the same register.
Two fairness rules govern everything here. First, the behaviors we describe are design choices, not vulnerabilities. Storing history in a plain database is a legitimate decision that many users will never mind; our job is to tell you it happens, not to condemn it. Second, where a vendor makes a compliance claim, we report the claim exactly as the vendor states it, with attribution. We did not evaluate any vendor's compliance program, and nothing here disputes one.
Software changes faster than pages do. Any of these apps could ship encryption, a history toggle, or a lock next week, and we would welcome it. If you are one of these vendors, or a user who spots a cell our audit date has outrun, tell us and we will re-verify against the current version and update the page.
What each app stores
Six questions, six apps, one audit date: July 12, 2026.
Swipe horizontally to see every column.
All cells as of July 12, 2026. Handy, VoiceInk, and OpenWhispr are open source, so their cells describe the source code at the pinned versions below; the behaviors described are design choices those projects made, not vulnerabilities. Superwhisper and Wispr Flow cells summarize the vendors' own published documentation, quoted in good faith; compliance claims are reported exactly as the vendors state them, and we did not evaluate them. Whisperstream's column describes Lockdown Mode and is held to the same factual register. Vendors ship changes; if a cell has gone stale, tell us and we will re-verify.
Sources
- Whisperstream: first-party, Lockdown Mode as shipped, audited July 12, 2026.
- Handy: source code at github.com/cjpais/Handy, commit ea10f745 (v0.9.2), audited July 12, 2026.
- VoiceInk: source code at github.com/Beingpax/VoiceInk, commit cf0c366 (v1.79), audited July 12, 2026.
- OpenWhispr: source code at github.com/OpenWhispr/openwhispr (v1.7.5), plus openwhispr.com and trust.openwhispr.com, audited July 12, 2026.
- Superwhisper: superwhisper.com site and documentation, fetched July 12, 2026.
- Wispr Flow: wisprflow.ai privacy policy, data controls page, and docs, fetched July 12, 2026.
What we found, app by app
Whisperstream (Lockdown Mode)
We audited our own app under the same rules, so here is the same plain accounting. In Lockdown Mode, transcript history is encrypted at rest with AES-256-GCM behind a password, locks again automatically after idle time you set, and answers repeated failed unlocks with escalating delays. Audio is saved only if you turn saving on, and it is encrypted the same way when you do. A content-free access log records when history is opened or locked, never what it says, and cloud providers are turned off, with AI cleanup running on-device. The limits, stated plainly: Whisperstream relies on your Windows account for identity, so people who share a login share an identity; Lockdown Mode is a configuration you enable, not the only way to run the app; and none of this is a certification of anything.
Handy
Handy is a free, open-source dictation app, and its code backs its headline promise: speech-to-text runs fully on your device, and its optional cloud post-processing is off by default. The same code answers the at-rest questions. Per its source at v0.9.2 (commit ea10f745, audited July 12, 2026), transcript history goes into a plain SQLite database with no encryption, every recording is written to disk as an unencrypted WAV with no history-off toggle in settings, and the "Never" retention option keeps recordings indefinitely. There is no password or lock on history, and we found no telemetry in its manifests. These are design choices, and for many users they are perfectly fine ones; they matter when other people can reach the disk.
VoiceInk
VoiceInk is an open-source macOS dictation app, local by default. Per its source at v1.79 (commit cf0c366, audited July 12, 2026), every transcription is inserted into a plain SwiftData store unconditionally, with no app-level encryption; its privacy policy defers to the device's system-level encryption instead. Full audio of every dictation is kept as a plaintext .wav, with auto-delete off by default. It ships seven-plus optional cloud transcription providers alongside the local engine, with no single disable-all-cloud mode. There is no lock on history, we found no analytics SDKs in its dependency manifest, and it makes no compliance claims.
OpenWhispr
OpenWhispr is an open-source, Electron-based dictation app from Gizmo Labs. Per its source at v1.7.5 (audited July 12, 2026), transcript history is persisted to a plaintext SQLite database, and its own privacy policy says the local database is unencrypted by OpenWhispr, relying on the operating system's disk encryption. Recorded audio is kept as plain files, on by default with a 30-day retention, and we found no password or lock on history. Cloud transcription is the default mode, with local Whisper as an opt-in. One thing its code does well: API keys are encrypted with a keychain-held master key. On compliance, we report both of its own statements: its medical-dictation page says it is not a certified medical product and does not market itself as HIPAA-certified, while its company trust center lists HIPAA as Compliant, with SOC 2 and ISO 27001 in progress.
Superwhisper
Superwhisper is closed source, so its row comes from its own documentation, fetched July 12, 2026. Its docs state that all transcription history is stored locally on your device and that recordings are saved, by default, to a recordings folder in Documents; across the three pages we checked, we found no statement about encryption at rest and no documented password or lock on history. A recording retention setting shipped in v2.11.0 (March 12, 2026). The docs describe configuring Superwhisper to run entirely on your device per-mode, with no single global cloud switch documented; its cloud transcription routes through Superwhisper's own proxy. Its site states it is SOC 2 Type II certified and HIPAA compliant, with a BAA available through its data room; we report those claims as Superwhisper makes them.
Wispr Flow
Wispr Flow is a cloud service by design, and its documentation is candid about it: per its data controls page, fetched July 12, 2026, transcription always occurs on the cloud, so audio transits its servers even in the most private configuration. With Cloud Sync off, audio and transcripts are processed in real time and discarded after the request completes. Private Cloud Sync is on by default for new users, storing audio and transcripts server-side until account deletion, with no published retention period. Without Privacy Mode, which is opt-in, dictation data may be used to improve Flow's features and AI models. Local per-device history exists, with no documented app-level encryption or lock; the documented mitigations are "Never store data locally" or 24-hour auto-delete. Wispr Flow states it is fully HIPAA compliant, offers a BAA on all plans that locks Privacy Mode on, and lists SOC 2 Type I (April 2026) and ISO 27001 Stage 1.
Why local is not the same as private
"Is dictation software private" usually gets answered with a network diagram: if your audio never leaves the machine, the answer is yes. That answer is half right. A local app removes the vendor from the picture, which is a real and valuable property, and it is why we build one. But it answers the network question only. The other question is what the app leaves behind on the machine itself.
Two of the local apps in this audit store plaintext transcripts and unencrypted audio of every dictation, unconditionally, per their source code as of July 12, 2026. That means months of everything their users have said sitting readable on disk: readable to anyone who shares the PC, to whatever backs the folder up, to a sync client that mirrors it to another machine, and to whoever ends up with a lost or stolen laptop. None of that involves the network, and none of it is a bug. It is simply a different question than the one "local" answers.
So when you evaluate a dictation tool for sensitive work, ask the at-rest questions too. The four below are the ones this audit was built around, and any vendor should be able to answer them in a sentence each.
- Encryption at rest
- Stored transcripts and audio should be unreadable without a key, not plain files any process or person on the machine can open.
- A capture-off control
- A history-off switch or a retention setting, so the app only keeps what you choose to keep, for as long as you choose.
- A lock
- A password with an auto-lock, so stored history is not one click away for whoever sits down at your PC.
- A no-cloud switch
- One switch that blocks every cloud path, not a scavenger hunt through per-feature settings.
Related comparisons
Frequently asked questions
Own your dictation.$29 once.Fully local.
Free to try. No account.