Whisperstream Privacy Policy

Version 1.0 -- Effective 2026-04-25

This Privacy Policy explains how Lanreal Technologies Inc. ("Lanreal," "we," "us," or "our") collects, uses, shares, and retains personal information in connection with the Whisperstream desktop application for Microsoft Windows (the "Software"). It also describes the rights you have with respect to that personal information and how to exercise them. By installing and using the Software, you acknowledge that you have read and understood this Privacy Policy.

Whisperstream is a local, on-device dictation application for Microsoft Windows. It captures microphone audio when you press a push-to-talk hotkey, transcribes that audio on your own computer using a speech recognition model that runs entirely on your CPU, and types the resulting text into the focused window. The Software keeps your voice recordings and your transcribed text on your device. The only personal information that leaves your device by default consists of narrow operational metadata (a license key, a hostname, and standard HTTP headers) sent to Polar, Hugging Face, and Cloudflare for license validation, software updates, and the one-time speech model download (see Section 3). If you voluntarily choose to submit a review or feedback through the in-app review feature (Section 3.5), or if you enable the optional cloud post-processing feature described in Section 6, additional data that you explicitly choose to submit will leave your device; both are user-initiated and described in detail in this Privacy Policy.

This Privacy Policy covers the Whisperstream desktop application only. It does not cover the marketing website at whisperstream.io, which is governed by a separate website privacy notice published at https://whisperstream.io/privacy-website. If you reached this document from the marketing site, please refer to the website privacy notice for information about how the site itself is operated.

This Privacy Policy also does not cover your relationship with Polar Software Inc., the Merchant of Record that handles the purchase of your Whisperstream license. When you buy the Software, Polar separately collects your email address and payment information through its own checkout flow. That information is governed by your relationship with Polar and by Polar's own privacy policy at https://polar.sh/legal/privacy; it is not transmitted by the Software and is not covered by this Privacy Policy.

In this Privacy Policy, 'personal information' means information about an identifiable individual, encompassing 'personal data' as defined by the GDPR (Article 4(1)), 'personal information' as defined by the CCPA (Cal. Civ. Code s.1798.140(v)), and 'personal information' as defined by Canadian federal privacy law (s.2(1)).

The data controller responsible for the personal information described in this Privacy Policy is:

Lanreal Technologies Inc. 18 King Street East, Suite 1400 Toronto, Ontario M5C 1C4 Canada

Lanreal is a corporation incorporated under the Business Corporations Act (Ontario). Our registered office is in the Province of Ontario, and our operations are governed by Canadian federal and provincial law applicable therein.

Privacy Officer designation. In accordance with Canadian federal privacy law (the Personal Information Protection and Electronic Documents Act), Lanreal Technologies Inc. has designated a Privacy Officer responsible for compliance with this Privacy Policy. The Privacy Officer can be contacted at [email protected]. Throughout the remainder of this document, "Canadian federal privacy law" refers to the statute named above.

Under the European Union General Data Protection Regulation (GDPR), Lanreal is the "controller" of the personal information described in this Privacy Policy. Under the California Consumer Privacy Act (CCPA), Lanreal is a "business" that collects personal information about California residents through the Software.

All privacy-related communication, including data subject rights requests, complaints, and general questions about this Privacy Policy, should be directed to [email protected]. This is Lanreal's single privacy contact channel for the Software.

EU Representative. Lanreal is in the process of designating a representative in the European Union in accordance with Article 27 of the General Data Protection Regulation. Until a representative has been designated, individuals in the European Economic Area may direct any questions or requests relating to the processing of their personal data under the GDPR to Lanreal directly at [email protected]. This policy will be updated with the representative's contact details once the designation is complete.

The Software is intentionally narrow in the information it handles. This section enumerates every category of information associated with your use of the Software, in the order in which the underlying network activity happens.

3.1 License activation and validation data

When you activate, validate, or deactivate your Whisperstream license, the Software sends the following data to Polar Software Inc.'s license-key API at api.polar.sh:

• your license key,
• the Whisperstream organization identifier (a static value that identifies the Whisperstream product inside Polar, not an identifier of you),
• the operating system family string returned by your operating system (for example, "Windows"), and
• your device's hostname, which is forwarded in both the label and meta fields so you can distinguish which of your devices a given license slot is assigned to.

In addition to the fields listed above, each request includes the standard HTTP headers automatically sent by the underlying HTTP library (including your IP address as seen by Polar's server).

Validation occurs approximately once per seven days while you are online and running a Pro license, and each time you explicitly activate or deactivate a device. No email address, no full device fingerprint (no MAC address, no disk serial, no CPU serial, no motherboard identifier), no usage data, and no information about the content of your transcriptions are sent as part of these requests.

Your device hostname is transmitted at the time of activation (whether an initial activation or a re-activation of a previously deactivated device). Periodic validation checks and deactivation requests transmit only the license key, the Whisperstream organization identifier, and the activation identifier; they do not re-transmit the hostname.

Data received from Polar in response. When you complete a license activation or validation, Polar's API response returns to the Software your customer email address and your customer name (as supplied by you during Polar checkout). The Software stores these values locally on your device, inside your Windows user profile, in the same HMAC-protected state file as your license key. The customer email is used when you choose to submit a review or feedback through the in-app review feature (see Section 3.5) to associate the submission with your licence. Neither the customer email nor the customer name is ever transmitted by the Software to Lanreal except if you choose to send a review or feedback (Section 3.5) or a bug report (Section 3.4).

3.2 Update-check data

The Software periodically requests the file at https://releases.whisperstream.io/latest.json to determine whether a newer version of the Software is available. This request is a standard HTTP GET. No device identifier, Whisperstream application version number, or other identifying data is sent in the request URL, headers, or body beyond the standard Accept and User-Agent headers automatically added by the underlying HTTP library (including your IP address as seen by the update server). Specifically, the headers are User-Agent: tauri-plugin-updater/<crate-version> and Accept: application/json.

Update manifests are cryptographically signed using the minisign signing scheme, and the Software verifies the minisign signature locally on your device before installing any update. Although the request headers themselves do not identify you, the update server sees your IP address as part of the underlying network connection. Under the GDPR, IP addresses may constitute personal data (see Section 4 for the lawful basis applicable to this processing).

The Software does not currently provide a user-facing control to disable automatic update checks.

3.3 First-run model download data

On first launch, the Software downloads the speech recognition model (approximately 600 MB) from the Hugging Face repository at https://huggingface.co/csukuangfj/sherpa-onnx-nemo-parakeet-tdt-0.6b-v3-int8. If the Hugging Face download fails or is unavailable, the Software falls back to a Cloudflare R2 mirror at https://models.whisperstream.io/manifest.json. No personal information is sent in this request beyond the standard HTTP headers (including your IP address, as with any ordinary HTTP download) automatically added by the underlying download library.

The Software explicitly suppresses any cached Hugging Face authentication tokens before initiating the download, so that your Hugging Face identity (if any) is not transmitted as part of this request.

3.4 Data that stays on your device

The following information is handled entirely on your own computer and is never transmitted to Lanreal or to any third party by the Software:

• Audio recordings. Microphone audio is held in random-access memory for the duration of each push-to-talk capture and is discarded after the transcription frame has been processed. No audio data is written to disk and no audio data is transmitted anywhere.

Voice data is not biometric data. The speech recognition model processes your voice solely to convert speech into text. It does not create a voiceprint, does not perform speaker identification or authentication, and does not extract or store any biometric identifier from your voice. Under the GDPR (Article 9), biometric data is subject to enhanced protections only when processed for the purpose of uniquely identifying a natural person. Because the Software processes voice exclusively for transcription and not for identification, the voice data handled by the Software does not constitute biometric data within the meaning of Article 9.

• Transcribed text. The text produced by the speech recognition model is typed directly into the window you have focused and is not retained by the Software.
• Local logs. The Software writes diagnostic logs to a local file under your Windows user profile (inside %LOCALAPPDATA%\Whisperstream\logs\). These logs are rotated at approximately 2 MB each with up to three backups retained, for a total of roughly 6 MB of historical log data. They are never transmitted automatically. The Software also maintains a short in-process log ring buffer (approximately 500 entries in application memory) that is lost on restart.
• Usage statistics. The Software keeps aggregate counters of how many transcriptions you have run, how many words you have transcribed, and how much recording time you have accumulated. These counters are stored locally in your Windows user profile and are never transmitted.
• Configuration. Your settings, including your chosen hotkey, audio device, and word-override dictionary, are stored locally in a configuration file under your Windows user profile and are never transmitted.

Because this information never leaves your device, it is not processed by Lanreal as a controller within the meaning of GDPR Article 4. The only time information in this category leaves your device is if you yourself choose to send it to Lanreal as part of a bug report (for example, by using the in-app "Download Logs" feature and attaching the resulting archive to a support email you send to [email protected]). In that case, Lanreal processes the information you send for the purpose of diagnosing the specific issue you have reported, and retains it for the duration of that support interaction.

A summary of the categories above, mapped to the CCPA categories of personal information, is provided in Section 13 of this Privacy Policy.

3.5 In-app reviews and feedback (voluntary submissions)

The Software includes an in-app review popup that lets you share a rating, a testimonial, or a free-text feedback message with Lanreal. The popup is surfaced after a usage-based heuristic suggests you may be ready to leave a review; you can also dismiss it and never return to it. The submission itself is voluntary: nothing leaves your device under this Section 3.5 unless you type content into the popup and click Submit.

When you submit a review, the Software transmits the following fields to Lanreal's reviews database (hosted on Supabase, see Section 5):

• the star rating you selected (1 to 5),
• the testimonial text you typed,
• the display name you typed (or that is prefilled from the customer name associated with your licence, which you may edit),
• a "feature my review on the website" consent flag indicating whether you agree to have Lanreal display your testimonial and display name publicly on the Whisperstream website for marketing purposes, and
• the email address associated with the submission: for activated Pro licences, this is the customer email received from Polar in response to your licence activation (see Section 3.1); for unlicensed or trial users, this is an optional email you may type in the popup or leave blank. The optional unlicensed-user email input described in this bullet is the design the Software will present when the updated review popup ships; in earlier versions of the Software the review popup may not yet expose an email input to unlicensed users, in which case no email is transmitted with reviews submitted from those versions.

When you submit feedback (without a star rating), the Software transmits the feedback text you typed and the email address associated with the submission, as described above.

In addition to the fields listed above, each submission includes the Whisperstream application version and the standard HTTP headers automatically sent by the underlying HTTP library (including your IP address as seen by the Supabase server). The Software does not transmit your transcribed text, your voice, your device hostname, your operating system, your usage statistics, your configuration, or your license key as part of a review or feedback submission.

Lanreal uses submitted reviews and feedback to improve the Software and, where you have checked the "feature my review on the website" consent flag, to display testimonials publicly on the Whisperstream website. Reviews and feedback are stored by Supabase in the United States and are retained indefinitely by Lanreal until you request deletion (see Section 10).

If you never click Submit on the review popup, nothing is transmitted by this feature and Lanreal has no record of you having seen the popup.

This section explains, for each category of information described in Section 3, the purpose for which Lanreal processes that information and the corresponding lawful basis under GDPR Article 6.

• License activation and validation data. The purpose of forwarding your license key and the Whisperstream organization identifier to Polar is to activate your Whisperstream license, to validate that the license is still current, and to deactivate a device when you choose to release it. The lawful basis under GDPR Article 6 is Article 6(1)(b), the performance of a contract to which you are a party (the Whisperstream Pro license itself).
• Device hostname forwarded to Polar as an activation label. The purpose of forwarding the operating system hostname, along with the operating system family string, is to let you distinguish which of your devices a given license slot is assigned to in the Polar license dashboard. The lawful basis under GDPR Article 6 is Article 6(1)(b), performance of the license contract, because multi-device slot management is part of the license as described in the Whisperstream End User License Agreement. Your IP address, which is visible to Polar as a standard byproduct of the HTTPS connection, is processed under GDPR Article 6(1)(b) as part of the same license validation transaction.
• Update-check data. The purpose of the update check is to let the Software determine whether a newer version is available, and to verify the integrity and authenticity of any update before it is installed. As described in Section 3.2, the update server sees your IP address as part of the underlying network connection. The lawful basis for this incidental processing of your IP address is GDPR Article 6(1)(f), Lanreal's legitimate interest in delivering signed, authenticated software updates to protect the security and integrity of the Software.
• First-run model download data. The purpose of the model download is to provide the Software with the speech recognition model it needs to function. As described in Section 3.3, the download transmits standard HTTP headers including your IP address to the model host (Hugging Face or Cloudflare). The lawful basis for this incidental processing of your IP address is GDPR Article 6(1)(f), Lanreal's legitimate interest in providing the Software with the speech recognition model it requires to function.
• Local logs, transcribed text, audio recordings, usage statistics, and configuration. In the default configuration of the Software, because these never leave your device, they are not processed by Lanreal as a controller within the meaning of GDPR Article 4 and no Article 6 basis is required. If you choose to send logs to Lanreal as part of a bug report, the lawful basis for Lanreal's subsequent processing is Article 6(1)(f), our legitimate interest in diagnosing and fixing the issue you have reported, balanced against your interests and your expectations as the person who initiated the bug report.
• Transcribed text transmitted under the optional cloud post-processing feature. If you enable the optional feature described in Section 6 and select a cloud provider, the purpose of transmitting your transcribed text to that provider is to perform the post-processing that you have requested (for example, grammar or style correction). The lawful basis under GDPR Article 6 is Article 6(1)(a), your explicit consent, which you give by enabling the feature in the Software's settings, selecting a provider, and supplying a credential for that provider. This consent basis covers all data transmitted to the provider as part of the post-processing request, including the transcribed text, your API credential, any instruction prompt you have configured, and the IP address visible to the provider as a standard byproduct of the HTTPS connection. You may withdraw your consent at any time by disabling the feature as described in Section 6.5, which stops all further transmission of transcribed text to the provider. Note that Lanreal is not the recipient of the transcribed text in this processing; the recipient is the provider you selected, and your contractual relationship is directly with that provider.
• Review and feedback submissions (Section 3.5). If you choose to submit a review or feedback through the in-app review popup, the purpose of processing the rating, testimonial, display name, feedback text, and associated email is to operate Lanreal's reviews database (including responding to your feedback and improving the Software). The lawful basis under GDPR Article 6 is Article 6(1)(a), your explicit consent, which you give by clicking Submit in the review popup after seeing the fields that will be transmitted. You may withdraw your consent and request deletion of your submitted content at any time by contacting Lanreal as described in Section 10. Where you check the "feature my review on the website" consent flag, your consent to public display of your testimonial and display name for marketing purposes is a separate Article 6(1)(a) basis that you may also withdraw by the same mechanism.

Obligation to provide personal data. The provision of your license key and device hostname to Polar for license activation is a contractual requirement necessary for the performance of the Whisperstream Pro license. If you do not provide this information (by activating the Software), the Software will not function beyond any applicable trial tier. You are not under any statutory obligation to provide personal data described in this Privacy Policy; the obligation is contractual. No other personal information described in this Privacy Policy is required to be provided by you as a condition of using the Software. If you choose not to enable the optional cloud post-processing feature described in Section 6, or if you withdraw your consent by disabling it, the Software continues to function normally for all core features (on-device transcription, text injection, local configuration). The only consequence is that the cloud-based post-processing functionality is unavailable. Submitting reviews or feedback through the in-app review popup (Section 3.5) is entirely voluntary and is not a condition of using the Software.

Except for the optional cloud post-processing feature described in Section 6, Lanreal does not rely on your consent (GDPR Article 6(1)(a)) as the lawful basis for any of the processing described in this Privacy Policy. Lanreal does not engage in automated decision-making that produces legal or similarly significant effects within the meaning of GDPR Article 22.

Whisperstream relies on the following third-party sub-processors to operate under the default configuration of the Software. The list below is exhaustive for that default configuration. If you enable the optional cloud post-processing feature described in Section 6, you establish a direct contractual relationship with the cloud provider you select, and that provider is not a Lanreal sub-processor within the meaning of this Section 5. Changes to this list are communicated via version bumps to this Privacy Policy (see Section 14). In accordance with PIPEDA Principle 4.1.3, Lanreal uses contractual and other means to ensure that each sub-processor listed below provides a comparable level of protection for personal information transferred for processing. Lanreal remains accountable for the protection of personal information transferred to third-party processors. Lanreal does not use or disclose personal information for purposes other than those described in this Privacy Policy, unless required by law.

1. Polar Software Inc. (Delaware, USA) -- license activation and Merchant of Record. Receives your license key, the Whisperstream organization identifier, your device hostname, and your operating system family. Polar's processing of this information is governed by Polar's privacy policy at https://polar.sh/legal/privacy. For the license activation and validation data described in Section 3.1, Polar acts as a data processor on Lanreal's behalf within the meaning of GDPR Article 28. For the separate checkout and payment data that Polar collects directly from you (email address, payment information), Polar acts as an independent data controller. Polar's Data Processing Addendum (at https://polar.sh/legal/data-processing-addendum), which forms part of the Polar Master Services Terms, designates Polar as the processor and incorporates the European Commission's Standard Contractual Clauses (Controller-to-Processor, Module 2) and the UK International Data Transfer Addendum as the mechanisms for transfers of personal information from the European Economic Area and the United Kingdom to the United States. Note: when you complete your purchase, Polar separately collects your email address and payment information directly from you through its checkout flow. That information is governed by your relationship with Polar and is not transmitted by Whisperstream.

2. Hugging Face, Inc. (Delaware, USA) -- model distribution. The Whisperstream first-run setup downloads the speech recognition model (approximately 600 MB) from Hugging Face's repository at huggingface.co/csukuangfj/sherpa-onnx-nemo-parakeet-tdt-0.6b-v3-int8. Hugging Face receives only the standard HTTP headers automatically sent by the underlying download library, including your IP address. Hugging Face's processing is governed by Hugging Face's privacy policy at https://huggingface.co/privacy and its Data Processing Agreement, which incorporates the European Commission's Standard Contractual Clauses (Controller-to-Processor, Module 2) for transfers of personal information from the European Economic Area to the United States.

3. Cloudflare, Inc. (Delaware, USA) -- fallback model distribution mirror. If the Hugging Face download fails or is unavailable, Whisperstream falls back to a Cloudflare R2 mirror at models.whisperstream.io. Cloudflare receives only the standard HTTP headers automatically sent by the underlying download library, including your IP address. Cloudflare's processing is governed by Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/. Cloudflare's GDPR transfer mechanism is the European Commission's Standard Contractual Clauses combined with EU-U.S. Data Privacy Framework certification.

   Note: the Software's update-check endpoint at releases.whisperstream.io is hosted on Cloudflare's infrastructure. Update checks are covered by the Cloudflare disclosure above.

4. Supabase, Inc. (Delaware, USA) -- reviews and feedback database. If you choose to submit a review or feedback through the in-app review popup described in Section 3.5, Supabase hosts the relational database tables (reviews and feedback) that store your submission. Supabase receives the submitted fields (rating, testimonial, display name, feedback text, the "feature on website" consent flag, the email address associated with the submission, and the Whisperstream application version) together with the standard HTTP headers automatically sent by the underlying HTTP library (including your IP address). Supabase's processing is governed by Supabase's privacy policy at https://supabase.com/privacy. Supabase publishes a Data Processing Addendum at https://supabase.com/legal/dpa; Lanreal is in the process of confirming that the Data Processing Addendum is in force for Lanreal's organization and, where required, of requesting execution. Lanreal relies on Supabase's published Standard Contractual Clauses (incorporated into the Data Processing Addendum) for transfers of personal information from the European Economic Area, the United Kingdom, and Switzerland to Supabase in the United States. For transfers of personal information that have not yet been covered by executed Standard Contractual Clauses at the time Supabase receives them, Lanreal relies on GDPR Article 49(1)(a) (transfer necessary for the performance of a service you have explicitly requested) as the interim transfer basis.

Other than the four sub-processors listed above, Lanreal does not share personal information with any other recipients. In particular, Lanreal does not disclose personal information to advertisers, data brokers, or social media platforms, and Lanreal does not use third-party analytics, crash reporting, or error-reporting services (see Section 9 for the full enumeration of what the Software does not do).

A future version of the Software will include an optional feature that allows you to route transcribed text through a Large Language Model for post-processing (for example, grammar cleanup, punctuation normalization, style adjustment, or custom formatting). This section describes that feature as it will operate when released; it is not yet available in the current version of the Software. This feature is disabled by default in every new installation. When it is disabled, the Software does not transmit transcribed text to any party, consistent with the default-state promise made in Section 9. The remainder of this Section 6 describes the feature as it will operate when released.

6.1 Supported providers

If you enable the optional post-processing feature, you may configure the Software to route transcribed text to any one of the following providers. Lanreal does not host, operate, resell, or receive revenue from any of these providers. Your contractual relationship is directly with the provider whose credentials you supply.

1. OpenAI, L.L.C. (Delaware, USA) -- a cloud-based Large Language Model provider. Users outside North America may contract with a different OpenAI regional entity (for example, OpenAI Ireland Limited for users in the European Economic Area). See OpenAI's privacy policy at https://openai.com/policies/privacy-policy/ and OpenAI's terms of use at https://openai.com/policies/terms-of-use/ for information on how OpenAI handles content submitted to its API.

2. Anthropic, PBC (Delaware, USA) -- a cloud-based Large Language Model provider. Users outside North America may contract with a different Anthropic regional entity (for example, Anthropic Ireland Limited for users in the European Economic Area). See Anthropic's privacy policy at https://www.anthropic.com/legal/privacy and Anthropic's Commercial Terms of Service at https://www.anthropic.com/legal/commercial-terms for information on how Anthropic handles content submitted to its API.

3. Google LLC (Delaware, USA), via the Google Gemini API -- a cloud-based Large Language Model provider. The specific Google legal entity that contracts with you for Gemini API access depends on your location and your Google Cloud billing arrangement, and is determined by Google at https://cloud.google.com/terms/google-entity. For most individual users the contracting entity will be Google LLC (Delaware, USA). Canadian users contracting for paid Gemini API access may contract with Google Canada Corporation. See https://ai.google.dev/gemini-api/terms for the Gemini-API-specific additional terms and https://policies.google.com/privacy for Google's general privacy policy.

4. Ollama-compatible endpoint -- a Large Language Model server speaking the Ollama HTTP API. By default, the Software connects to an Ollama process running on your own device at http://localhost:11434, in which case transcribed text does not leave your device at all. If you configure the Software to connect to a non-local Ollama endpoint (for example, a self-hosted Ollama server on another machine, or an Ollama-compatible endpoint on a private network), transcribed text is transmitted to the URL you specify. The operator of that endpoint, which may be you or another party, is responsible for its own data handling, and Lanreal has no visibility into or control over that endpoint.

6.2 What is transmitted

When the optional post-processing feature is enabled, for each eligible transcript the Software transmits to the provider you selected:

• The transcribed text produced by the speech recognition model, as an input to the post-processing request. Transcripts shorter than a configurable length threshold (three words by default) are excluded from this transmission and remain local to your device.
• The API key or credential that you supplied for the selected provider, as an Authorization or equivalent request header, so that the provider can authenticate you and apply the usage limits of your account.
• Any instruction prompt that you have configured in the Software (for example, a system prompt describing the post-processing style you want), as part of the request payload.
• Standard HTTP headers automatically attached by the Software's HTTP library, including your IP address as it is seen by the provider.

The Software does not transmit, as part of any optional post-processing request, any of the following: your audio recording, your license key, the Whisperstream organization identifier, your device hostname, your operating system family, your local diagnostic logs, your in-memory frontend log ring buffer, your usage statistics, your configuration file, or any other category of information listed in Section 3.4 as staying on your device. These remain on your device regardless of whether the optional post-processing feature is enabled.

6.3 Provider response handling

After the provider processes your request, it returns the post-processed text to the Software as the response body. That response is then handled locally by the Software under the same rules as any other transcribed text: it is typed into the focused window and is not retained by the Software. The Software does not transmit the provider's response to any other recipient, and does not retain a copy after typing it into the focused window.

6.4 Your credentials

The API key or credential you supply for any of the providers listed in Section 6.1 is stored locally on your device within your Windows user profile, under %LOCALAPPDATA%\Whisperstream\. The key is encrypted at rest using the Windows Data Protection API (specifically, the CryptProtectData function), which derives the encryption key from your Windows user account credentials. As a consequence, the encrypted credential can only be decrypted by the same Windows user on the same device on which it was stored. A different Windows user logged into the same device, and any user on a different device, cannot decrypt the stored credential.

The stored credential is transmitted only to the provider you selected, only over HTTPS with certificate verification enabled, and only as a request header on the post-processing requests described in Section 6.2. The Software does not transmit the credential to Lanreal, to any of the sub-processors listed in Section 5, or to any recipient other than the provider you selected. Lanreal does not receive, store, or have any ability to recover your credential.

6.5 How to enable, disable, and delete

• Enabling. The optional post-processing feature is disabled by default in every new installation. To enable it, you must explicitly select a provider and supply a valid credential for that provider through the Software's settings interface. Before the feature begins transmitting transcribed text, the Software will display a blocking consent dialog that identifies the provider you selected, describes what data will leave your device, links to this Privacy Policy and to the provider's own privacy policy, and requires an affirmative click to continue. The Software will not begin transmitting transcribed text to any provider until you have completed all of those steps and confirmed the blocking consent dialog.
• Disabling. To disable the feature, toggle it off in the same settings interface. After you disable it, the Software will not transmit any further transcribed text to any provider, and will resume the default behaviour described in Sections 3.4 and 9 of this Privacy Policy.
• Deleting your credential. To delete a stored credential, use the "remove key" control in the same settings interface. This removes the encrypted credential from your Windows user profile in its entirety.

6.6 Relationship to Section 5 (sub-processors)

The four providers listed in Section 6.1 are not Lanreal sub-processors, resellers, or agents within the meaning of Section 5. This classification rests on four facts about how the optional cloud post-processing feature operates:

1. You determine the purposes and means of processing. You select the provider, you supply the credential, you configure the instruction prompt, and you trigger each transmission by enabling the feature and completing the consent gate described in Section 6.5. Lanreal's code is the transport; it does not select the destination, does not determine the purpose of the post-processing, and does not act on behalf of Lanreal in performing the transmission.

2. Lanreal does not hold the transcribed text. The transcript is generated on your device by the local speech-recognition model, transmitted directly from your device to the provider you selected, and is not routed through, copied to, or received by any Lanreal server. Lanreal has no possession, custody, or control of the transcript at any point.

3. Lanreal has no contract with the provider. Your credential is issued to you by the provider under the provider's own terms of service and privacy policy. Your contractual relationship is directly with the provider. Lanreal is not a party to that agreement, has no contract with the provider concerning the processing of your data, and does not assume any obligation owed to you by the provider.

4. Lanreal receives no consideration from the provider. Lanreal receives no revenue, referral fees, usage-based payments, or other valuable consideration from any of the four providers listed in Section 6.1, and Lanreal pays none of them.

Because of these facts, for the optional cloud post-processing feature: (a) the provider is not processing personal data on Lanreal's behalf within the meaning of Article 4(8) of the GDPR and is therefore not a Lanreal processor under Article 28; (b) Lanreal does not transfer personal information to the provider "for processing" within the meaning of Clause 4.1.3 of Schedule 1 to Canadian federal privacy law, and accountability for the provider's handling of the transcript does not attach to Lanreal; (c) the transmission is not a "sale" under Cal. Civ. Code Section 1798.140(ad)(1) (Lanreal receives no consideration), not a "share" under Section 1798.140(ah) (the transmission is not for cross-context behavioural advertising), and not a disclosure to a service provider under Section 1798.140(ag) (no contract, no on-behalf-of relationship). To the extent the transmission could be characterised as a disclosure at all, it is a user-directed disclosure within the carve-outs at Cal. Civ. Code Sections 1798.140(ad)(2)(A) and 1798.140(ah)(2)(A).

By enabling the feature and supplying a credential, you represent that you have read and agreed to the selected provider's terms of service and privacy policy, and that you have the legal right to submit the content you are submitting for post-processing.

Because Lanreal is incorporated in Canada and the three sub-processors listed in Section 5 are incorporated outside Canada, personal information forwarded through the Software may be transferred across international borders. This section summarizes the transfer mechanism for each processor under Chapter V of the GDPR.

• Polar Software Inc. (United States). Polar is incorporated in Delaware, USA. Polar's Data Processing Addendum (at https://polar.sh/legal/data-processing-addendum), which forms part of the Polar Master Services Terms and applies automatically, incorporates the European Commission's Standard Contractual Clauses (Controller-to-Processor, Module 2) and the UK International Data Transfer Addendum as the mechanisms for transfers of personal information from the European Economic Area and the United Kingdom to Polar in the United States. Lanreal relies on these Standard Contractual Clauses for the license-activation and validation data described in Section 3.1.
• Hugging Face, Inc. (United States). Hugging Face, Inc. is incorporated in Delaware, USA. Hugging Face's Data Processing Agreement incorporates the European Commission's Standard Contractual Clauses (Controller-to-Processor, Module 2) for transfers of personal information from the European Economic Area, the United Kingdom, and Switzerland to Hugging Face in the United States. These Standard Contractual Clauses provide the applicable transfer mechanism for the incidental IP-address processing associated with the model download described in Section 3.3.
• Cloudflare, Inc. (United States). Cloudflare is incorporated in Delaware, USA. Cloudflare's published privacy policy and Trust Hub cite both the European Commission's Standard Contractual Clauses and EU-U.S. Data Privacy Framework certification as the mechanisms for transfers of personal information from the European Economic Area, the United Kingdom, and Switzerland to Cloudflare in the United States. Lanreal relies on Cloudflare's combined Standard Contractual Clauses and Data Privacy Framework certification for the fallback model download described in Section 3.3.
• Supabase, Inc. (United States). Supabase is incorporated in Delaware, USA, and hosts the reviews and feedback database described in Section 3.5. Supabase's published Data Processing Addendum at https://supabase.com/legal/dpa incorporates the European Commission's Standard Contractual Clauses (Controller-to-Processor, Module 2) and the UK International Data Transfer Addendum as the mechanisms for transfers of personal information from the European Economic Area, the United Kingdom, and Switzerland to Supabase in the United States. Lanreal is in the process of confirming that the Data Processing Addendum is in force for Lanreal's organization and relies on Article 49(1)(a) of the GDPR (transfer necessary for the performance of a service you have explicitly requested by clicking Submit in the review popup) as an interim transfer basis for any submission received before Supabase confirms Data Processing Addendum execution.

Transfers to Canada. The European Commission has recognized Canada as providing an adequate level of data protection (Commission Decision 2002/2/EC). Transfers of personal information from the European Economic Area to Lanreal in Canada are therefore covered by this adequacy decision.

If you are located in the European Economic Area, the United Kingdom, or Switzerland and wish to receive further information about these transfer mechanisms, including copies of the relevant Standard Contractual Clauses where available, please contact Lanreal at [email protected].

Foreign law enforcement access. Because personal information may be transferred to sub-processors in the United States for processing (as described in Section 5), that information may be accessible to the courts, law enforcement agencies, and national security authorities of the United States under the laws of that jurisdiction.

Optional cloud post-processing (Section 6). If you enable the optional cloud post-processing feature described in Section 6 and select a cloud provider other than a local Ollama-compatible endpoint, transcribed text is transmitted to the provider's infrastructure, which is typically located in the United States. Three of the four providers listed in Section 6.1 (OpenAI, Anthropic, Google) are U.S.-incorporated entities whose processing infrastructure generally sits in the United States, and your contract for Gemini API access through Google may involve a Canadian or European Google entity depending on your location. Lanreal does not control the routing, the storage locations, or the onward transfer decisions those providers make once the data leaves your device, and Lanreal does not implement Standard Contractual Clauses or any other Chapter V transfer mechanism on your behalf for that transmission, because Lanreal is not the contracting party. Your contractual protection for any such cross-border transfer is governed by the privacy policy and terms of service of the provider you selected, and Lanreal encourages you to review both documents before enabling the feature.

Lanreal's retention strategy is hybrid. For information that the Software controls directly, we state concrete retention behaviour because the data flow is narrow enough to do so honestly. For information that a third-party sub-processor controls, we describe the retention category and point you to the sub-processor's own policy, because Lanreal cannot enforce a specific retention period on a third party's infrastructure.

Retention for information the Software controls directly:

• Audio recordings: not retained. Held in random-access memory for the duration of each push-to-talk capture and discarded after the transcription frame has been processed.
• Transcribed text: not retained by Lanreal or by the Software. The output of the speech recognition model is typed into the focused window and not kept anywhere by the Software. If you have enabled the optional cloud post-processing feature described in Section 6 and the transcript is above the configurable length threshold, the text is transmitted to the provider you selected for the duration of the post-processing request; Lanreal does not retain a copy, and the provider's retention of your submitted content is governed by the provider's own terms of service and privacy policy (see the links in Section 6.1).
• Local diagnostic logs: retained locally on your device for approximately 6 MB of rolling history (2 MB per file, three backups). Never transmitted automatically. You may delete the local log directory at any time.
• In-memory frontend log ring buffer: retained in application memory only, lost on restart.
• Local usage statistics and configuration: retained locally on your device until you uninstall the Software or delete the %LOCALAPPDATA%\Whisperstream\ directory.
• Credentials you supply for the optional cloud post-processing feature (Section 6): retained locally on your device, DPAPI-encrypted, inside your Windows user profile, until you remove the credential through the Software's settings interface (see Section 6.5) or until you uninstall the Software and delete the %LOCALAPPDATA%\Whisperstream\ directory. Lanreal does not retain, store, or have any visibility into this credential.
• Logs you voluntarily send to Lanreal with a bug report: retained only for the duration of the support interaction and deleted or anonymized once the issue is resolved. When the credential storage feature described in Section 6.4 is implemented, the Software will exclude the DPAPI-encrypted credential from bug-report log exports so that it is not inadvertently transmitted when you submit a bug report.
• Reviews and feedback you voluntarily submit (Section 3.5): stored by Supabase on Lanreal's behalf (see Sections 3.5, 5, and 7). Lanreal retains submitted reviews and feedback indefinitely for the business purposes described in Section 4 (improving the Software and, where you consented, publicly displaying testimonials on the Whisperstream website) until you request deletion by contacting Lanreal at [email protected] as described in Section 10. On receipt of a valid deletion request, Lanreal will delete the corresponding row from the reviews or feedback database within the response timeline described in Section 10.

Retention for information third-party sub-processors control:

• Polar activation-slot data (your license key, the Whisperstream organization identifier, your hostname, and your OS family): retained by Polar for the duration of your active license, plus Polar's own retention period as governed by Polar's privacy policy at https://polar.sh/legal/privacy. Lanreal cannot enforce a specific retention number on Polar's side. When you deactivate a device, the slot is released, and any residual retention is governed by Polar's policy.
• Hugging Face download logs: standard content delivery network access logs, as governed by Hugging Face's privacy policy at https://huggingface.co/privacy.
• Cloudflare R2 access logs: standard content delivery edge access logs, as governed by Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/.

Retention by optional cloud post-processing providers (Section 6). If you have enabled the optional cloud post-processing feature and selected a cloud provider, your transcribed text and any instruction prompt you have configured are submitted to that provider as part of each eligible request. How long the provider retains that submitted content, whether it is used to train the provider's models, and whether it is logged for abuse detection are governed entirely by the provider's own terms of service and privacy policy, which vary by provider and by account tier (for example, some providers offer a "zero-data-retention" enterprise tier that differs from their default consumer retention). Lanreal has no visibility into and no control over retention decisions at the provider, and Lanreal does not make representations about them. Please review the provider's published policies (see the links in Section 6.1) before enabling the feature.

This section enumerates categories of information that the Software never collects, never transmits, and never retains. It is intended as an explicit companion to Section 3, so that you can see not just what the Software does, but also what it does not do.

• No audio recordings leave your device. Microphone audio is held in RAM, processed by the speech recognition model on your CPU, and discarded. The Software does not upload audio to any server for any reason.
• By default, no transcribed text leaves your device. In the default configuration of the Software, the output of the speech recognition model is typed into the focused window and not retained, and the Software does not upload transcriptions to any server. If you explicitly enable the optional cloud post-processing feature described in Section 6 and supply a credential for a cloud provider, transcribed text above the configurable length threshold is transmitted only to the specific third-party provider you selected, only over HTTPS, and only for the duration of each post-processing request. No transcribed text is ever transmitted to Lanreal, or to any of the sub-processors listed in Section 5, under any configuration of the Software.
• No microphone input, typing, keystrokes, or clipboard contents are transmitted. The Software does not intercept or transmit your keyboard or clipboard activity.
• No telemetry, no analytics, error reporting, crash reporting, no usage tracking, and no feature-flag service. The Software does not integrate Sentry, PostHog, Mixpanel, Google Analytics, Plausible, or any comparable service. No automatic event streams, per-action tracking, or behavioural profiling are sent to any server. The only data that leaves your device does so through the four flows explicitly described in Section 3 (license validation, update checks, the one-time model download, and the loopback-only local backend process) and through the two user-initiated flows that require an affirmative action on your part: voluntarily submitting a review or feedback through the in-app review popup (Section 3.5) and, if you explicitly enable it, the optional cloud post-processing feature (Section 6). There is no "opt out" for telemetry because there is no telemetry to opt out of; the user-initiated flows are controlled by you each time you use them.
• No advertising identifiers. The Software does not collect, generate, or transmit any advertising identifier (such as IDFA, AAID, or similar).
• No local network scanning. The Software does not scan your local network, enumerate devices on it, or probe for other services.
• No persistent loopback-accessible endpoints beyond the local backend process. The local backend process binds exclusively to the loopback interface (127.0.0.1) so that no other device on your network can reach it, and it exposes no outbound telemetry.
• No sale of personal information. Lanreal does not sell or rent personal information. See Section 13 for the CCPA-specific disclosure on sale and sharing.
• No profiling or automated decision-making. The Software does not profile you, score you, rank you, or make any automated decision that produces legal or similarly significant effects within the meaning of GDPR Article 22.
• No cookies or tracking technologies. The Software does not use cookies, web beacons, pixel tags, local storage tokens, browser fingerprinting, or any other tracking technology to identify you, track your behaviour, or build a profile about you. The local communication between the Software's frontend and backend processes (over the loopback interface) does not use persistent cookies or session identifiers.

Depending on where you live, you may have one or more of the rights listed in this section. Lanreal extends all of these rights to every Whisperstream user, regardless of jurisdiction, so that you do not have to prove residency in order to exercise a right.

Rights summary. The most commonly exercised rights, with the statutory basis for each, are:

• Right to know what personal information Lanreal holds about you and how we use it (GDPR Article 15 / CCPA Section 1798.110 / Canadian federal privacy law Principle 4.9).
• Right to delete or erase personal information Lanreal holds about you (GDPR Article 17 / CCPA Section 1798.105). This includes deletion of any review or feedback you have submitted under Section 3.5.
• Right to correct inaccurate personal information (GDPR Article 16 / CCPA Section 1798.106 / Canadian federal privacy law Principle 4.9.5).
• Right to data portability in a structured, commonly-used, machine-readable format (GDPR Article 20).
• Right to withdraw consent for the optional cloud post-processing feature (Section 6) and for the in-app review and feedback submissions (Section 3.5), which are the two pieces of processing described in this Privacy Policy that rely on your consent as the GDPR Article 6 lawful basis (GDPR Article 7(3)).
• Right to complain to a privacy regulator (GDPR Article 77, CCPA, Canadian federal privacy law; see Section 15 for the supervisory authorities).

To exercise any of these rights, email Lanreal's Privacy Officer at [email protected]. There is no charge, no account required, and no in-app rights-request form. Lanreal will respond within 30 days under Canadian federal privacy law and the GDPR and within 45 calendar days under the CCPA, with the extensions described in the timelines at the end of this Section 10.

Rights under the European Union General Data Protection Regulation (GDPR Articles 15 to 22):

• Right of access (Article 15): you may ask Lanreal to confirm whether we process personal information about you and, if so, to provide a copy of that information.
• Right to rectification (Article 16): you may ask Lanreal to correct any inaccurate personal information we hold about you.
• Right to erasure (Article 17): you may ask Lanreal to delete personal information we hold about you, subject to the statutory exceptions in Article 17(3).
• Right to restriction of processing (Article 18): you may ask Lanreal to restrict the processing of your personal information in the circumstances set out in Article 18(1).
• Right to data portability (Article 20): you may ask Lanreal to provide your personal information in a structured, commonly used, machine-readable format where the processing is based on Article 6(1)(b) and is carried out by automated means.
• Right to object (Article 21): you may object at any time, on grounds relating to your particular situation, to processing of your personal information that is based on Article 6(1)(f) (our legitimate interests). If you believe that any processing by Lanreal that is based on Article 6(1)(f) affects you, you may object on grounds relating to your particular situation, and Lanreal will cease the processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Rights in relation to automated decision-making (Article 22): not applicable. Lanreal does not engage in automated decision-making that produces legal or similarly significant effects within the meaning of Article 22.
• Right to withdraw consent (Article 7(3)): applies to the optional cloud post-processing feature described in Section 6 and to the in-app review and feedback submissions described in Section 3.5. These are the two pieces of processing described in this Privacy Policy that rely on your consent as the GDPR Article 6 lawful basis. For the cloud post-processing feature, you may withdraw your consent at any time by disabling the feature through the Software's settings interface as described in Section 6.5, which stops all further transmission of transcribed text to the provider. For reviews and feedback, you may withdraw your consent and request deletion of your previously submitted content by emailing Lanreal at [email protected]; where you check the "feature my review on the website" consent flag, that separate consent may be withdrawn the same way. Withdrawal of consent does not affect the lawfulness of processing already performed under your consent before withdrawal. The other processing described in this Privacy Policy does not rely on consent, so the Article 7(3) right to withdraw does not apply to any processing outside Sections 3.5 and 6.

Rights under the California Consumer Privacy Act (CCPA):

• Right to know what categories of personal information we have collected about you, the sources from which we collected it, the business or commercial purposes for collecting it, and the categories of third parties with whom we shared it.
• Right to delete personal information we collected from you, subject to the statutory exceptions in Cal. Civ. Code Section 1798.105(d).
• Right to correct inaccurate personal information we maintain about you.
• Right to limit use of sensitive personal information: not applicable. Lanreal does not collect sensitive personal information within the meaning of Cal. Civ. Code Section 1798.140(ae).
• Right to opt out of the sale or sharing of personal information: not applicable. Lanreal does not sell or share personal information for cross-context behavioural advertising, as described in Section 13 below. The disclosure that this right is not applicable is nonetheless provided.
• Right to non-discrimination for exercising any CCPA right. Lanreal will not deny you the Software, charge you a different price, or provide a different level of quality because you exercised a right under the CCPA.

Rights under Canadian federal privacy law:

• Right of access to personal information Lanreal holds about you.
• Right to correction of inaccurate personal information.
• Right to challenge compliance with this Privacy Policy and with Canadian federal privacy law generally. Challenges are directed to the Privacy Officer in the first instance (see Section 15).

How to exercise your rights. To exercise any of the rights above, email Lanreal's Privacy Officer at [email protected] with a description of your request and enough information for us to verify your identity and locate your personal information (typically the license key you use with the Software, if any). Lanreal does not operate an in-app rights-request button in this version of the Software; the email channel above is the designated rights mechanism.

Verification. Because Lanreal does not maintain a user account database, identity verification for most requests will consist of confirming that the email you use to contact us matches a license activation we can locate, or (if you have not purchased a Pro license) confirming enough details about your use of the Software that we can associate your request with specific personal information we hold.

Unresolved challenges. If you challenge the accuracy of personal information Lanreal holds and the challenge cannot be resolved to your satisfaction, Lanreal will record the substance of the unresolved challenge alongside the information in question.

Response timeline. Lanreal will acknowledge your request within a reasonable period and will respond substantively within 30 days of receipt. Lanreal will respond to access and correction requests at no cost to you. Under GDPR Article 12(3), Lanreal may extend this period by up to an additional 60 days where necessary, taking into account the complexity and the number of requests; if we need to do so, we will inform you of the extension and the reasons for it within the original 30-day window.

CCPA response timeline. For requests submitted by California residents under the CCPA, Lanreal will respond within 45 calendar days. Lanreal may extend this period by an additional 45 calendar days (for a total of 90 calendar days) where reasonably necessary, and will inform you of any extension within the original 45-day window.

If Lanreal does not take action. If Lanreal decides not to take action on your request, we will inform you within 30 days of receipt of the reasons for not taking action and of your right to lodge a complaint with a supervisory authority and to seek a judicial remedy.

Authorized agents. California residents may use an authorized agent to submit a rights request on their behalf. If you do so, we may require the agent to provide written authorization from you and to verify their own identity.

The Software is not directed to children. Lanreal does not knowingly collect personal information from children under the age of 13 in the United States (consistent with the Children's Online Privacy Protection Act, or COPPA), or from children under the age of 16 in the European Economic Area (consistent with GDPR Article 8). If you are a parent or guardian and you believe your child has provided personal information to Lanreal through the Software, please contact us at [email protected] and we will take reasonable steps to delete that information. The Software does not implement age verification because it does not require account creation, does not collect age or date-of-birth information, and is not directed to children.

Lanreal implements security safeguards proportional to the sensitivity of the personal information the Software processes. Because the data flow described in Section 3 is narrow by design (license key, Whisperstream organization identifier, hostname, and operating system family, forwarded to Polar over HTTPS), the attack surface is correspondingly narrow. In particular:

• Lanreal does not maintain a user account database for the Software in the conventional sense: the Software does not require user registration, does not issue Lanreal-hosted credentials, and does not track individual user accounts. The only Lanreal-hosted database containing personal information is the reviews and feedback database described in Section 3.5, which is populated only by content that you have voluntarily submitted through the in-app review popup.
• All network communications described in Section 3 travel over HTTPS with the certificate-verification behaviour of the underlying HTTP library. The Software does not disable certificate verification.
• Update manifests are cryptographically signed using minisign and verified locally on your device before installation.
• The local backend process binds exclusively to 127.0.0.1 on a fixed port, so that no other device on your network can reach it.
• Local configuration, logs, and usage statistics are stored under your Windows user profile with the access controls your operating system provides.
• When the optional cloud post-processing feature described in Section 6 is implemented, credentials (API keys) that you supply will be encrypted at rest using the Windows Data Protection API (specifically, the CryptProtectData function), which binds the encrypted value to your Windows user account on the specific device where the credential is stored. A different Windows user on the same device will not be able to decrypt the stored credential, and neither will any user on a different device. The encrypted credential will be stored under %LOCALAPPDATA%\Whisperstream\ with the access controls your operating system provides, and will be excluded from the bug-report log export described in Section 8 so that it is not inadvertently transmitted when you submit a bug report to Lanreal.
• When the optional cloud post-processing feature is enabled, each request to the provider you selected will travel over HTTPS with certificate verification enabled. Your credential will be transmitted only as a request header on those requests, and only to the provider you selected. The Software will not transmit the credential to Lanreal, to any sub-processor listed in Section 5, or to any other recipient.

No security program can guarantee absolute protection against all threats. If you become aware of a security issue affecting the Software, please contact Lanreal at [email protected].

In the event of a breach of security safeguards involving personal information under Lanreal's control that creates a real risk of significant harm to you, Lanreal will:

(a) report the breach to the Office of the Privacy Commissioner of Canada in accordance with section 10.1 of the Personal Information Protection and Electronic Documents Act and the associated Breach of Security Safeguards Regulations (SOR/2018-64);

(b) notify you of the breach as soon as feasible after determining that the breach has occurred, by email if we have your email address on file through a license activation, or by prominent notice on the Whisperstream website at https://whisperstream.io if we do not have a direct means of contacting you;

(c) where required by the General Data Protection Regulation (Articles 33 and 34), notify the relevant European supervisory authority within 72 hours of becoming aware of the breach, and notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms; and

(d) where required by the California Consumer Privacy Act or other applicable law, provide notice in accordance with the requirements of that law.

Lanreal maintains a record of all breaches of security safeguards involving personal information under its control, as required by section 10.1(3) of the Personal Information Protection and Electronic Documents Act and the Breach of Security Safeguards Regulations (SOR/2018-64). This record is retained for at least 24 months and is available to the Office of the Privacy Commissioner of Canada upon request.

If Lanreal Technologies Inc. is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information we hold may be transferred as part of that transaction. If such a transfer occurs, the acquiring entity's use of your personal information will remain subject to the commitments made in this Privacy Policy. We will notify you of any such transfer and of any changes to the applicable privacy terms by updating this Privacy Policy (see Section 14) and, where feasible, by notice on the Whisperstream website. Where required by applicable law, we will obtain your consent before transferring your personal information to the acquiring entity.

Lanreal may disclose personal information to law enforcement, regulatory authorities, courts, or other governmental bodies where we are legally required to do so (for example, in response to a valid subpoena, warrant, or court order), or where we reasonably believe disclosure is necessary to comply with applicable law or to protect the safety of any person. Lanreal will attempt to notify you of any such disclosure before it occurs, unless notification is prohibited by law or court order. Lanreal does not voluntarily provide personal information to any government surveillance programme.

Sections 8 (How Long We Keep It), 10 (Your Rights), 11 (Children's Privacy), 12 (Security Safeguards), 12a (Data Breach Notification), 12b (Business Transfers), 12c (Law Enforcement and Government Requests), 13 (CCPA Notice for California Residents), 14 (Changes to This Policy), 15 (How to File a Complaint), and 16 (Contact Us) of this Privacy Policy, and any obligations arising from a data breach that occurred before termination, survive the termination of your license or the uninstallation of the Software for as long as Lanreal retains any personal information about you.

This section supplements the rest of this Privacy Policy for California residents whose personal information is collected by Lanreal through the Software, and is provided in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the "CCPA").

Categories of personal information collected. In the preceding twelve months, Lanreal has collected the following categories of personal information from or about California residents through the Software, as those categories are defined by Cal. Civ. Code Section 1798.140(v):

• A. Identifiers (such as real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or similar identifiers): device hostname, forwarded to Polar as an activation label as described in Section 3.1; license key, forwarded to Polar as a unique activation credential; IP address, visible to Polar as an automatic byproduct of the HTTPS connection during license validation and visible to Supabase as an automatic byproduct of the HTTPS connection during review or feedback submission; and, if you choose to submit a review or feedback through the in-app review popup (Section 3.5), the email address associated with the submission (either the customer email received from Polar or, for unlicensed or trial users, an email you type in the popup) and the display name you supply. Polar additionally returns to your device a copy of your customer email and customer name as part of the license-activation response, which are stored locally on your device and, if you choose to submit a review, may be transmitted to Supabase as described in Section 3.5.
• B. Personal information categories listed in Cal. Civ. Code Section 1798.80(e) (such as name, signature, social security number, physical characteristics, address, telephone number, passport number, or similar): display name if supplied in the review popup (Section 3.5). No other categories in 1798.80(e).
• C. Characteristics of protected classifications under California or federal law (such as race, religion, sexual orientation, gender identity, marital status, medical condition, or similar): None.
• D. Commercial information (such as records of personal property, products or services purchased, obtained, or considered, or other purchasing histories): None. Purchase processing is handled separately by Polar at checkout and is not transmitted by the Software. The reviews and feedback you submit through the in-app review popup (Section 3.5) are opinion content about the Software and are not "commercial information" in the 1798.140(v) sense.
• E. Biometric information: None. Voice audio is processed by the on-device speech recognition model solely for the purpose of text transcription, not for the purpose of identifying you. The audio is held in volatile memory only for the duration of each push-to-talk capture and is never stored, transmitted, or used to create a voiceprint, template, or other biometric identifier.
• F. Internet or other electronic network activity information (such as browsing history, search history, or interactions with a website, application, or advertisement): None beyond the network flows described in Section 3 (license activation, update check, first-run model download, the loopback-only local backend process, and in-app review or feedback submissions described in Section 3.5). If you enable the optional cloud post-processing feature described in Section 6, additional network activity (the transmission of transcribed text to the provider you selected) also falls within this category; see Section 6 for details.
• G. Geolocation data: None.
• H. Audio, electronic, visual, thermal, olfactory, or similar information: None in any form that leaves your device. See category E above for voice data.
• I. Professional or employment-related information: None.
• J. Education information: None.
• K. Inferences drawn from any of the above to create a profile reflecting preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, or aptitudes: None.
• L. Sensitive personal information as defined by Cal. Civ. Code Section 1798.140(ae): None.

Sources of personal information. The device hostname is supplied by your own computer at the time of license activation. The license key is issued to you by Polar Software Inc. upon purchase. The IP address is an automatic byproduct of the HTTPS connection to Polar's API during license validation, to Hugging Face and Cloudflare during the model download and update checks, and to Supabase when you submit a review or feedback. Your customer email and customer name are received from Polar Software Inc. as part of the response to a license activation or validation, and are then stored locally on your device; if you choose to submit a review or feedback through the in-app review popup (Section 3.5), the email associated with your submission is either that Polar-sourced customer email (for Pro licence holders) or an email you type directly into the popup (for unlicensed or trial users). Your review display name, testimonial, rating, feature-on-website consent flag, and feedback text are collected directly from you when you type them into the in-app review popup and click Submit.

Business or commercial purposes for collecting personal information. The device hostname is collected for the business purpose of labelling your license-activation slots so that you can distinguish one device from another in the Polar license dashboard. The license key is collected for the business purpose of activating, validating, and deactivating your Whisperstream Pro license. The IP address is not separately collected by Lanreal for a business purpose; it is an automatic byproduct of the HTTPS connection visible to the applicable sub-processor. The review and feedback fields described in Section 3.5 (email address, display name, testimonial, rating, feature-on-website consent flag, feedback text) are collected for the business purposes of improving the Software, responding to user feedback, and (where you have checked the "feature my review on the website" consent flag) publicly displaying testimonials for marketing purposes.

Retention periods. The retention periods for each category of personal information listed above are described in Section 8 of this Privacy Policy. In summary: Category A data (device hostname, license key, IP address) forwarded to Polar is retained by Polar for the duration of your active license plus Polar's own retention period. Reviews and feedback you voluntarily submit under Section 3.5 are retained by Lanreal on Supabase indefinitely until you request deletion. All other categories listed as 'None' above are either not collected or are retained only on your local device under your control.

Categories of third parties with whom we share personal information. Polar Software Inc., Hugging Face Inc., Cloudflare Inc., and Supabase Inc., for the purposes described in Section 5. The license key, device hostname, and operating system family are shared only with Polar. The review and feedback fields (email, display name, testimonial, rating, feedback text, feature-on-website consent flag) are shared only with Supabase when you voluntarily submit a review or feedback. The IP address is visible to Polar during license validation, to Hugging Face during the model download, to Cloudflare during the fallback model download and update checks, and to Supabase during review submissions, as a standard byproduct of HTTPS connections.

Categories of personal information disclosed for a business purpose. In the preceding twelve months, Lanreal has disclosed the following categories of personal information to the following categories of third parties for business purposes: Identifiers (device hostname, license key, IP address) to Polar Software Inc. for license activation and validation; Identifiers (IP address) to Hugging Face Inc. and Cloudflare Inc. for the one-time model download and update checks; and, for users who voluntarily submit a review or feedback, Identifiers (email, IP address), Personal information in Section 1798.80(e) (display name), and electronic network activity information (review or feedback submission itself) to Supabase Inc. for the reviews and feedback database. No other categories of personal information have been disclosed to third parties for a business purpose.

Sale or sharing of personal information ("Do Not Sell or Share My Personal Information"). Lanreal does not sell your personal information to third parties in exchange for money or other valuable consideration, and Lanreal does not share your personal information for cross-context behavioural advertising. The transfer of your review content and email to Supabase, and of license data to Polar, are disclosures to service providers for the business purposes described above, not a "sale" or "sharing" within the meaning of Cal. Civ. Code Sections 1798.140(ad) or 1798.140(ah). Lanreal has not sold or shared personal information about California residents in the preceding twelve months and does not intend to do so. Because there is no sale or sharing, there is no "Do Not Sell or Share My Personal Information" link; this Privacy Policy, which discloses that the right is not applicable to Lanreal's practices, serves as the required disclosure under Cal. Civ. Code Section 1798.135.

Use of sensitive personal information. Not applicable. Lanreal does not collect sensitive personal information as defined by Cal. Civ. Code Section 1798.140(ae).

How to submit CCPA requests. California residents may submit a right-to-know, right-to-delete, right-to-correct, or non-discrimination request by emailing [email protected]. As a business that operates exclusively online and has a direct relationship with its customers through the Software, Lanreal uses email as its designated CCPA request method under Cal. Civ. Code Section 1798.130(a)(1)(A).

Lanreal may revise this Privacy Policy from time to time. When we revise it, we will change the version number at the top of this document. Minor clarifications that do not materially change how we collect, use, or share personal information will increment the minor version (for example, from 1.0 to 1.1). Material changes will increment the major version (for example, from 1.0 to 2.0).

How you learn about changes. The current version of this Privacy Policy is the version bundled with the installer for the Software version you have installed. New installs always receive whichever version ships in the installer at the time of download. Existing users are not re-prompted when they update to a new version of the Software; the updated Privacy Policy travels with the updated installer. The most recent published version is also available at https://whisperstream.io/privacy.

Sub-processor changes. If Lanreal adds, removes, or replaces a sub-processor listed in Section 5, that change will be reflected in a new version of this Privacy Policy. Lanreal does not currently operate a separate advance-notice mechanism for sub-processor changes; that mechanism is tracked in our internal follow-ups list and may be added in a future version.

If you believe that Lanreal has processed your personal information in a way that is inconsistent with this Privacy Policy or with applicable privacy law, please contact Lanreal first at [email protected] so that we have the opportunity to address your concern. Lanreal's Privacy Officer will investigate your complaint and respond within the timeline described in Section 10. Lanreal commits to investigating all privacy complaints received and, if a complaint is found justified, taking appropriate measures including amending policies and practices where necessary.

If you are not satisfied with Lanreal's response, you may also have the right to lodge a complaint with a supervisory authority:

• European Economic Area, the United Kingdom, and Switzerland: you have the right under GDPR Article 77 to lodge a complaint with the data protection supervisory authority of the Member State of your habitual residence, place of work, or the place of the alleged infringement.
• California: you may contact the California Privacy Protection Agency or the California Attorney General's Office for information about your rights under the CCPA.
• Canada (federal): you may file a complaint with the Office of the Privacy Commissioner of Canada (the 'OPC') at https://www.priv.gc.ca, toll-free 1-800-282-1376. The OPC has the authority to investigate your complaint under section 11 of the Personal Information Protection and Electronic Documents Act, issue a Report of Findings, and make formal recommendations. If the matter remains unresolved after the OPC's investigation, section 14 of the Act grants you the right to apply to the Federal Court of Canada for a hearing. If your complaint relates to a matter under provincial jurisdiction, you may also contact the privacy commissioner of the relevant province (for example, the Information and Privacy Commissioner of Ontario at https://www.ipc.on.ca).

Nothing in this section limits any other right or remedy available to you under applicable law.

Questions, requests, and complaints about this Privacy Policy and about Lanreal's handling of personal information should be directed to Lanreal's Privacy Officer:

Privacy Officer Lanreal Technologies Inc. 18 King Street East, Suite 1400 Toronto, Ontario M5C 1C4 Canada

Email: [email protected]

Lanreal Technologies Inc. is the data controller for the personal information described in this Privacy Policy. The Privacy Officer is the designated contact for Canadian federal privacy law, for GDPR Articles 13 and 14, and for CCPA consumer requests.

Accessibility. This Privacy Policy is available in Markdown format bundled with the Software, in plain text format inside the installer, and in HTML format at https://whisperstream.io/privacy. If you need this Privacy Policy in an alternative format to accommodate a disability, please contact us at [email protected].

Copyright (c) Lanreal Technologies Inc. All rights reserved.