Legal

Privacy Policy

1. Scope and who this applies to

This policy applies to: (a) visitors of the Website; (b) users who download, install, or run the LocalYapper Application; and (c) anyone who interacts with our open-source repository, issue tracker, or release artifacts hosted on third-party platforms (such as GitHub). If you obtain LocalYapper from a third party who repackages or modifies it, that party may impose additional practices; you should review their policies. The unmodified official builds described in our repository are designed so that your speech and transcripts never leave your device except as you yourself export or copy them.

2. Controller, processor, and open-source nature

For the Application’s core dictation functionality, you remain in control of your data on your own computer. We do not operate a cloud dictation API, user account system, or centralized database of transcripts. The software is distributed under the MIT License; you may inspect, modify, and build it yourself. Copyright in the official distribution is held by Chaitanya (see the LICENSE file in the repository).

Where privacy law distinguishes a “data controller,” for personal data processed entirely locally on your device by the Application under default settings, you are the primary controller of that processing in many situations, and we do not receive that data. For optional Website features (e.g., analytics if enabled by the site operator), the operator of the Website deployment may act as controller for those specific features, as described below.

3. The Application — what we do not collect

We do not collect, and the Application is architected not to transmit, the following categories of data to us or to any service we operate:

• Voice audio from your microphone (beyond transient RAM processing on your device);
• Transcripts or dictated text;
• Clipboard contents (the Application may temporarily use the clipboard locally to paste into another app, then restore prior contents — this occurs on your machine only);
• Screen contents, files, or keystrokes outside what is required for global hotkeys and focus detection locally;
• Contact lists, calendars, photos, or other unrelated personal files;
• Precise geolocation;
• Advertising identifiers or cross-app tracking profiles;
• Telemetry, crash dumps, session replay, or product analytics sent to our servers (we do not operate such endpoints for the Application);
• Account registration data (there are no accounts);
• Payment or billing data (the Application is free and open source).

There is no “upload path” for your audio in the official Application design. Recognition runs locally using the Parakeet model via sherpa-onnx, with Silero VAD (or an energy-based fallback). This is consistent with the product documentation in our public repository.

4. Technical processing on your device

When you dictate, the Application typically performs the following entirely on your device:

1. Captures 16 kHz mono audio from your default microphone into RAM;
2. Applies voice-activity detection to trim silence;
3. Transcribes speech to text using the locally loaded model;
4. Optionally saves the transcript to local history (SQLite) before attempting paste;
5. Injects text into the previously focused application via clipboard save → paste → restore;
6. Discards the audio buffer when the pipeline completes — audio is not written to disk as part of this pipeline.

No large-language-model “cleanup” stage sends your text to a remote model. The recognised text is the text that is pasted, subject to speech-model accuracy limitations.

5. Local storage on your machine only

The Application stores data only in local application data directories on your operating system, including:

• SQLite database — settings and transcription history tables (as described in the project documentation);
• Downloaded model files — Parakeet and VAD assets after first-run setup (on-disk size is shown in the app);
• Configuration — hotkey bindings, wizard progress, pause state, and similar preferences.

You can delete history entries inside the app, clear all history, or uninstall the Application to remove its local data (subject to your OS’s uninstall behavior). We cannot delete your local data for you because we never receive it.

6. Network activity from the Application

Routine network use from the official Application is limited:

• One-time (or user-initiated) model downloads — fetching open speech and VAD model files from hosts specified in the Application (approximately hundreds of megabytes for the default model set). After successful setup, the Application is designed to work fully offline.
• No standing connection to our servers for dictation, licensing checks, or feature flags in the official open-source design documented in the repository.

Your operating system, antivirus, DNS provider, or network administrator may still log connection metadata when you download models or installers. That is outside our control.

7. This Website — limited interactions

The Website is a static marketing and download site. We do not operate a login system, comment system, newsletter, or contact form on this Website that stores submissions in our database — because we do not operate a user database for the site.

Possible interactions include:

• Downloading installers — links point to GitHub Releases; GitHub may log your IP address and user-agent under GitHub’s policies;
• Aggregate download counter — when you click a download button, the browser may request a public third-party counting API to increment an anonymous global counter (no name, email, or transcript is sent by our code);
• Optional Google Analytics — if the site operator configures PUBLIC_GA_MEASUREMENT_ID, Google may collect usage data under Google’s terms; you can use browser extensions or OS controls to limit this;
• Fonts — Google Fonts may be loaded from Google’s CDN unless the operator self-hosts fonts;
• Hosting logs — Vercel or another host may retain standard web server logs (IP, URL, timestamp) for security and operations.

8. Third-party services

8.1 GitHub

Source code, issues, and release binaries are hosted on GitHub. Interactions with GitHub are governed by GitHub’s Privacy Statement .

8.2 Google Analytics (optional, Website only)

If enabled, the Website loads Google Analytics 4 scripts. Google may process online identifiers, device information, and usage events. We do not send voice or transcript data to Google Analytics because we never possess them on the Website.

8.3 Public download counter API (Website only)

The Website may call a free public counter service to display how many times download links were clicked. That service stores a single integer counter key; it is not designed to receive personal data from us. Do not treat it as a security boundary.

8.4 Google Fonts (Website only)

Typography may be delivered from Google servers. Google’s policies may apply to that request. Self-hosting fonts removes this exposure.

9. Legal bases (EEA, UK, and similar regimes)

Where the GDPR or UK GDPR applies to Website processing (e.g., optional analytics), typical bases may include legitimate interests in operating and improving the site, and/or consent where required for non-essential cookies or similar technologies — implement a consent mechanism if your jurisdiction requires it for analytics.

For the Application’s local-only processing, because we do not receive personal data, many GDPR obligations regarding remote processing by us do not arise; nevertheless, we describe practices transparently for users in the EEA and UK.

10. Your privacy rights by region

Depending on your location, you may have rights to access, correct, delete, restrict, object, port, or withdraw consent regarding personal data held by a controller. Because we do not hold your Application dictation data, exercise these rights for local Application data by using in-app controls or deleting local files. For Website or GitHub data, contact the relevant platform or the site operator.

10.1 European Union / European Economic Area

You may lodge a complaint with your local supervisory authority. A list of EU authorities is available from the European Data Protection Board.

10.2 United Kingdom

You may contact the Information Commissioner’s Office (ICO) if UK law applies to specific Website processing.

10.3 India (Digital Personal Data Protection Act, 2023)

For personal data processed by third parties you choose (e.g., analytics or GitHub), their notices apply. The Application’s default local-only design aligns with data-minimisation expectations for speech processing, but you remain responsible for lawful use (including consent where you record others’ voices).

10.4 United States (including California)

We do not sell personal information as defined by the CCPA/CPRA. We do not share Application dictation data with third parties because it is not collected remotely. Website logs or optional analytics may involve “personal information” under state laws — scope depends on deployment.

10.5 Other regions (Asia-Pacific and elsewhere)

If your country provides privacy rights (e.g., access, correction, erasure), they apply to entities that actually hold your data. Our Application design avoids central collection; use local deletion and uninstallation to remove data from your device.

11. Children

The Application and Website are not directed at children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. If you believe a child provided information through a Website feature you control, disable that feature and contact the hosting provider.

12. Security

Local security depends on your device: disk encryption, OS updates, malware protection, and physical access controls. Because transcripts may reside in local SQLite history, protect your user account and backups accordingly. Report security vulnerabilities responsibly via GitHub Issues (avoid posting exploits publicly before coordination).

13. Retention — we do not retain your dictation data

We do not retain copies of your voice or transcripts on our servers — we never receive them. Retention on your device is under your control via history settings and uninstallation. Website hosting logs and third-party analytics, if any, follow those providers’ retention schedules.

14. International transfers

If you use optional Website services (analytics, fonts, counter API, GitHub), data may be processed in countries other than yours. Those providers may rely on standard contractual clauses or other mechanisms. The Application’s core dictation path does not require cross-border transfer to us.

15. Automated decision-making and profiling

We do not perform automated decision-making about you that produces legal or similarly significant effects. We do not build advertising profiles from Application usage. Speech recognition is a local inference step, not a profiling regime operated by us remotely.

16. Changes to this policy

We may update this Privacy Policy to reflect product, legal, or Website changes. The “Last updated” date will change accordingly. Material changes may also be noted in the repository or release notes. Continued use after posting constitutes acceptance where permitted by law.

17. Contact and complaints

For privacy questions about the open-source project, open a discussion or issue at https://github.com/chayprabs/localyapper/issues. There is no dedicated data-protection officer because we do not operate large-scale remote processing of Application personal data.

18. Important disclaimer

This document is provided for transparency and operational clarity. It is not legal advice. Laws vary by country and change over time. If you need compliance advice for your organisation, consult qualified counsel in your jurisdiction.

← Back to LocalYapper