Privacy Policy
Voicr — Voice to Text, Instantly
Last updated: March 30, 2026
1. Introduction
This Privacy Policy explains how Voicr ("we", "our", or "us"), operated by Aleksandr Shelestov PR JustOneDev, collects, uses, and protects information when you use the Voicr macOS application ("the App") and the associated website at voicr.pro ("the Website").
We have designed Voicr with privacy as a core principle. The App stores your recordings and notes locally on your device, and we collect the minimum data necessary to operate the service.
If you have any questions about this policy, please contact us at [email protected].
2. Who We Are (Data Controller)
For the purposes of the UK and EU General Data Protection Regulation (GDPR), the data controller is:
If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under GDPR and UK GDPR respectively. These are described in Section 9.
3. What Data We Collect and Why
3.1 Data Stored Locally on Your Device
The following data is created and stored exclusively on your Mac. We have no access to it, and it is never transmitted to our servers or any third party:
| Data | Purpose |
|---|---|
| Transcription history | Lets you browse and reuse past recordings |
| Notes you save | Lets you access saved transcriptions quickly |
| Smart Rules and preferences | Remembers your app-specific writing styles |
| Authentication token | Keeps you signed in to your account (stored in local storage, not a cookie) |
Legal basis (GDPR Art. 6(1)(b)): Processing necessary to perform the contract — i.e. to provide the App's core features.
3.2 Account Data
If you create an account through the Website, we collect and store the following on our servers:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identification, login verification, and service communication | Until account deletion |
| Account identifier (UUID) | Internal account reference | Until account deletion |
| Subscription status and plan | Manage your subscription and word limits | Until account deletion |
Legal basis (GDPR Art. 6(1)(b)): Processing necessary to perform the contract.
3.3 Data Sent to Our API
When you record a voice input, the following is transmitted to our processing API solely to handle your request:
| Data | Retention |
|---|---|
| Audio recording (your voice input) | Discarded immediately after transcription |
| Transcribed and polished text | Discarded immediately after delivery to your device |
| Device identifier (anonymous) | Retained to manage usage limits (word count per plan) |
| macOS version | Retained for compatibility and debugging purposes |
We do not store your audio or transcribed text on our servers. Your content is processed and deleted in real time.
Legal basis (GDPR Art. 6(1)(b)): Processing necessary to perform the contract.
3.4 Data Processed by Groq
To power transcription and AI polishing, your audio and text are sent to Groq for processing using models including Whisper (transcription) and Llama (polishing).
Groq processes API data in real time and does not use your data to train models. You can review Groq's data handling practices in their Privacy Policy.
Legal basis (GDPR Art. 6(1)(b)): Processing necessary to perform the contract. Groq acts as a data processor on our behalf.
3.5 Data Handled by Paddle
All subscriptions are processed by Paddle.com Market Limited ("Paddle"), who acts as the Merchant of Record. Paddle may collect your email address, payment details, billing address, and IP address to process your transaction and comply with tax obligations.
We do not receive or store your payment card details. We receive only your email address, subscription status, and plan information from Paddle via webhooks.
Paddle's checkout may set a cookie (paddlejs_checkout_variant) to manage the checkout experience. This is a functional cookie required for the payment flow.
Paddle's privacy practices are governed by the Paddle Privacy Policy.
3.6 Data Processed by Cloudflare (Turnstile)
Our Website uses Cloudflare Turnstile for bot protection during account signup and login. Turnstile may process your IP address, browser metadata, and interaction data to verify you are a human user. No personal data is stored by Cloudflare on our behalf.
Cloudflare's privacy practices are governed by the Cloudflare Privacy Policy.
Legal basis (GDPR Art. 6(1)(f)): Legitimate interest in preventing automated abuse and protecting service integrity.
4. Data We Do Not Collect
We want to be explicit about what we do not do:
- We do not store your audio recordings on our servers
- We do not store your transcribed or polished text on our servers
- We do not sell, rent, or share your data with advertisers or third parties for marketing
- We do not use your data to train AI models
- We do not track your behaviour across apps or websites
- We do not use third-party analytics cookies on the Website
5. Cookies and Local Storage
The Website does not use cookies for analytics or tracking. We use the following storage mechanisms:
| Mechanism | Purpose | Type |
|---|---|---|
| Local storage (auth token) | Keeps you signed in to your account | Functional — essential |
paddlejs_checkout_variant cookie | Set by Paddle.js during the checkout flow to manage payment experience | Functional — third-party |
We use a privacy-first analytics service that does not set cookies, does not use local storage, and does not collect personal data.
6. Data Transfers Outside the EEA / UK
Your data may be transferred to and processed in countries outside the EEA and UK, specifically:
- Groq (United States) — for transcription and AI polishing, governed by Standard Contractual Clauses (SCCs) per GDPR Article 46
- Paddle (United Kingdom) — for payment processing, governed by the UK GDPR adequacy framework
For more information, see Groq's Privacy Policy.
7. Data Retention
| Data | Retention Period |
|---|---|
| Audio recordings | Never stored — discarded immediately after processing |
| Transcriptions and notes | Stored locally on your device until you delete them |
| Account data (email, UUID, subscription) | Retained until you delete your account or request erasure |
| Device identifier and OS version | Retained for as long as you use the App; deleted upon request |
| Groq API data | Processed in real time; not retained by Groq for model training |
| Server logs (IP, timestamps) | Up to 30 days for debugging, then deleted |
8. Security
We take reasonable technical measures to protect the data we handle:
- All data transmitted between the App, Website, and our API is encrypted in transit (TLS)
- All data transmitted to Groq is encrypted in transit
- Account data is stored in a managed database hosted by DigitalOcean with encryption at rest
- Our application servers are hosted on Hetzner infrastructure within the EU
- Local data on your Mac is protected by macOS's built-in security model
- We do not maintain databases containing your audio or transcription content
9. Your Rights Under GDPR
If you are located in the EEA or UK, you have the following rights regarding any personal data we hold:
| Right | What it means |
|---|---|
| Access | Request a copy of the data we hold about you |
| Rectification | Ask us to correct inaccurate data |
| Erasure | Ask us to delete your data ("right to be forgotten") |
| Restriction | Ask us to limit how we use your data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Where processing is based on consent, withdraw it at any time |
Because Voicr stores almost all content locally on your device, most content-related rights can be exercised directly within the App by deleting your history, notes, and preferences.
For data held on our servers (account data, device identifier, OS version), please contact us at [email protected] and we will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your authority at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner's Office (ICO).
10. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay, in accordance with GDPR Article 34.
11. Sub-Processors
We use the following sub-processors to operate the service:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Groq | Voice transcription and AI text polishing | United States |
| Paddle | Payment processing, invoicing, and tax compliance | United Kingdom |
| Hetzner | Application server hosting | European Union (Germany / Finland) |
| DigitalOcean | Managed database hosting | European Union (Germany) |
| Cloudflare | Bot protection (Turnstile CAPTCHA) | Global (edge network) |
12. Children's Privacy
Voicr is not directed at children under the age of 13 (or under 16 in certain EEA countries). We do not knowingly collect personal data from children. If you believe a child has provided data through the App, please contact us at [email protected] and we will take prompt action.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. For significant changes, we will notify you via an in-app notice, the App Store update notes, or by email if you have an account.
Your continued use of Voicr after any changes constitutes your acceptance of the updated policy.
14. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our Terms of Service, please contact:
We aim to respond to all privacy-related enquiries within 30 days.