WhisperShortcutWhisperShortcut

← WhisperShortcut

Privacy Policy for WhisperShortcut

Last updated: March 2, 2025

Overview

WhisperShortcut is a macOS menu bar application with four main features: Speech-to-Text (transcription), Speech-to-Prompt (AI text modification via voice), Read Aloud (text-to-speech), and Prompt & Read (combined AI + TTS). You can use an API key or purchase 30-day access via our website. This privacy policy explains how we handle your data and what information is collected, stored, or transmitted—both in the app and when you use the website or backend services.

Data Collection Summary

WhisperShortcut collects minimal data and prioritizes your privacy:

  • No analytics or tracking; no crash reporting
  • No data sold to third parties
  • In the app: data stored locally; offline Speech-to-Text can use local Whisper without sending data to any server
  • For subscription: only email, Google ID, subscription status, and usage for rate limits are stored on our backend; payment is via Stripe (we do not store card details)

What Data We Collect

1. Gemini Access: API Key

To use cloud features (Gemini), you enter your own Google API key. Usage is billed to your Google account.

API Key

  • What: Your Google API key
  • Where: Stored securely in macOS Keychain
  • Purpose: Authenticates requests to Google Gemini (transcription, AI prompting, TTS). Not needed for offline Whisper (Speech-to-Text)
  • Retention: Stored locally until you delete it
  • Access: Only accessible by the app on your device

2. App Preferences

  • What: Keyboard shortcuts, model selections, auto-paste toggle, TTS voice, and other settings
  • Where: Stored locally in macOS UserDefaults
  • Purpose: To remember your preferred configuration
  • Retention: Stored locally until you reset to defaults
  • Access: Only accessible by the app on your device

3. Temporary Audio Files

  • What: Audio recordings during transcription or prompting
  • Where: Stored temporarily in app's document directory
  • Purpose: Required for transcription and AI processing
  • Retention: Automatically deleted after processing
  • Access: Only accessible by the app on your device

4. Live Meeting Transcripts (Optional)

  • What: Transcript files from Live Meeting mode
  • Where: Saved in the app data folder under Meetings/
  • Purpose: Persistent record of live meeting transcription
  • Retention: Stored until you delete the files manually
  • Access: Only you can access these files on your device

5. User Context / Interaction Logs

  • What: Logs of transcriptions, prompt interactions, and read-aloud actions (mode, timestamps, result snippets). When automatic system prompt improvement applies a new prompt, a history entry is appended to JSONL files. When you apply suggested user context, a similar history entry is appended.
  • Where: Stored locally in the app data folder under UserContext/
  • Purpose: Used when you click "Generate with AI" in Settings to derive suggested system prompts and user context, or for automatic system prompt improvement (if enabled).
  • When it's collected: Interaction logging is always on. Data stays on your device until you delete it or it is automatically removed.
  • Retention: Log files older than 90 days are automatically deleted. For "Generate with AI" and automatic improvement, only interactions from the last 30 days are read and sent to Google Gemini.
  • Gemini Analysis: Manual (when you click "Generate with AI") or automatic (if Smart Improvement is enabled). Aggregated interaction data from the last 30 days may be sent to Google Gemini. You can disable automatic improvement at any time.
  • Deletion: Settings > Smart Improvement > Delete interaction data, or remove the UserContext folder manually.

6. Account and subscription (website and backend)

When you sign in with Google on our website to manage your subscription or view usage, we store account and subscription data on our servers.

  • What: Your email address, Google account identifier (sub), subscription status, and current period end. When you use cloud features with a subscription, the backend may log usage events (e.g. request type, timestamps) for rate limiting and operations.
  • Where: Our backend and database; payment is processed by Stripe (we do not store card details).
  • Purpose: To provide and manage your 30-day access, enforce usage limits, and operate the service.
  • Retention: Account and subscription data are kept as long as your account exists and for a limited time thereafter for legal or operational needs. You can request deletion of your account data by contacting us.

What Data We Do NOT Collect

  • Name or physical address (we use only email and Google ID for account and subscription)
  • Usage analytics or tracking data
  • Crash reports or diagnostic information
  • Payment card numbers or full card details (payment is processed by Stripe; we do not store them)
  • Audio recordings (beyond temporary processing)
  • Transcription text content (we do not store or transmit it beyond what's needed for the feature)
  • Clipboard content (beyond temporary use during Speech-to-Prompt / Prompt & Read)

Third-Party Services

Google Gemini API

WhisperShortcut uses Google's Gemini API for Speech-to-Text (cloud), Speech-to-Prompt, Read Aloud / TTS, Prompt & Read, and Live Meeting. Data sent: audio files and/or text. Data received: transcribed text, AI-modified text, or audio. Subject to Google's Privacy Policy. When you use cloud features, your audio and/or text may be sent to Google's servers. For offline Speech-to-Text with Whisper, no data leaves your device.

Stripe (payments)

Payment for 30-day access is processed by Stripe. Stripe receives payment method details and transaction data; we receive only confirmation and identifiers (e.g. session ID) to activate your subscription. We do not store card numbers. Stripe's privacy policy applies to payment data: stripe.com/privacy.

Data Storage and Security

In the app: data is stored locally on your macOS device. API keys are stored in macOS Keychain. Audio is recorded locally and files are automatically deleted after processing. Clipboard data is not stored by the app. When you use the website or subscription, account and subscription data (and usage events for rate limiting) are stored on our backend; we do not store payment card details (Stripe processes those).

Your Rights and Controls

You can access and modify preferences through the app settings, delete your API key, reset preferences, delete meeting transcripts and interaction data, and disable automatic improvement. Microphone and Accessibility permissions can be revoked in macOS System Settings. For account and subscription data held on our servers, you can request access or deletion by contacting us (Imprint or GitHub).

Children's Privacy

WhisperShortcut does not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes by updating the "Last updated" date and posting the new policy in the app repository.

Contact Information

If you have questions about this privacy policy or our data practices, please contact us through the GitHub repository: https://github.com/mgsgde/whisper-shortcut

This privacy policy is provided to comply with Apple App Store requirements, GDPR principles, CCPA requirements, and other applicable privacy laws.

WhisperShortcut is committed to protecting your privacy and ensuring transparency about our data practices.

Terms of Service · Imprint

← Back to WhisperShortcut