Privacy Policy
Last updated: 21 June 2026
PipeVoice is a free, open-source, push-to-talk voice-typing app for Windows. This policy explains exactly what happens to your data when you use the app and the website at pipevoice.app. The short version: PipeVoice is local-first, the desktop app talks to no server of ours, and we receive none of your data from the app.
- The PipeVoice desktop app has no analytics, no telemetry, no tracking, no crash reporting, and no developer-operated backend. We do not collect, see, or receive any of your audio, transcripts, settings, or API keys from the app.
- Your microphone audio and transcribed text are kept in memory only, for one utterance at a time, and are never written to disk by the app.
- If you choose a cloud transcription or AI cleanup engine, your audio or text goes to the provider you picked, using your own API key. It does not pass through any server we control.
- If you use the fully local engines (Local Whisper, Ollama), nothing leaves your PC at all.
- The website is different: if you submit your email there, it reaches our email provider (Resend) through a serverless function we operate, the site loads fonts from Google's CDN, and we keep simple cookieless, aggregate visitor counts (no IP address stored). Details below.
- We never sell your data. There are no ads.
Who This Covers
This policy covers two things:
- The PipeVoice desktop app for Windows.
- The website at pipevoice.app.
They are described separately below because they behave differently. The desktop app contacts no server of ours. The website does run one serverless function we operate, for the optional email signup.
The Desktop App
What the app does with your audio
When you hold the hotkey, PipeVoice captures microphone audio (16 kHz mono PCM) only while the key is held. That audio is used for one purpose: turning your speech into text. Where it goes depends entirely on the engine you choose:
- Local Whisper (faster-whisper), fully offline. The audio never leaves your PC. The first time you ever use this engine, faster-whisper downloads the model file (about 150 MB) from Hugging Face. After that, transcription is fully on-device.
- OpenAI engine. The recorded WAV audio is uploaded to OpenAI's transcription API (api.openai.com) using your own OPENAI_API_KEY.
- Deepgram engine. The audio is streamed over a websocket to Deepgram (api.deepgram.com) using your own DEEPGRAM_API_KEY.
The engine is your choice. Cloud engines send your audio only to the provider you selected and supplied a key for. If a cloud engine fails (for example, no internet), the app may retry the same audio once with Local Whisper, which stays on your device.
Your audio is never persisted by the app. Audio frames live only in memory for the length of a single utterance and are discarded after transcription. They are never written to disk. What happens to audio after it reaches OpenAI or Deepgram is governed by those providers' own policies, not by us.
What the app does with your transcribed text
Once your speech is transcribed, the text is typed into whatever window has focus on your PC (via keystrokes or paste), or copied to the Windows clipboard when you use the clipboard hotkey.
If you turn on AI cleanup ("Flow mode"), the transcript is additionally sent to the cleanup provider you chose, using your own key, so it can be polished:
- OpenAI (api.openai.com)
- Google Gemini (generativelanguage.googleapis.com)
- OpenRouter (openrouter.ai)
- Ollama (a local model at localhost:11434, which stays on your device)
The provider is your choice. If you use Ollama, the text never leaves your PC. Transcribed text is not saved to any history file. It is held in memory only. The only place text-related information might touch disk is the local log file (below), and even then only as error messages on failure, never the contents of your transcripts.
Your API keys
To use a cloud engine, you supply your own API key for that provider (OPENAI_API_KEY, DEEPGRAM_API_KEY, GEMINI_API_KEY, or OPENROUTER_API_KEY). These keys authenticate your own account to the provider you chose.
- Keys are stored locally only, in plaintext, in %APPDATA%\PipeVoice\.env.
- Keys are sent only to the matching provider, as the credential on your API requests. They are never sent anywhere else, and never to any first-party or developer server, because there is none.
- Keys are deliberately never written to config.json. The app keeps a strict split between secret and non-secret data.
- Keys stay on disk until you change or delete them.
Your settings and other local data
PipeVoice stores your preferences locally so it can remember how you like it to work. All of this lives in your per-user folder, %APPDATA%\PipeVoice\. None of it is transmitted to us.
- Settings (config.json): engine choice, hotkeys, language, microphone device, model names, overlay/sounds/auto-update/AI-cleanup/auto-enter toggles, and output mode.
- Vocabulary and word-replacement fixes (in config.json): your custom terms and "wrong = right" pairs. The vocabulary text is also sent to the transcription provider you already chose, as a recognition hint, to help it recognize names and jargon. Your replacement pairs are applied locally only.
- Speech notes (in config.json): your free-text description of your accent, stutter, or fillers. This is embedded into the AI cleanup prompt sent to your chosen cleanup provider, but only when AI cleanup is enabled and actually runs.
Other items in that folder: pipevoice.log (an app log plus error traces, but no transcript bodies), a temporary installer downloaded during auto-update (deleted on the next start), and a generated launcher file. Autostart, if enabled, is a single registry value under HKCU\...\Run named "PipeVoice". Your microphone audio and transcripts are never stored in this folder, or anywhere on disk.
Running on your machine
To make sure only one copy of PipeVoice runs at a time, the app binds a local socket on your own machine (127.0.0.1:49517). This is entirely local, transmits no data, and never leaves your PC.
The update check
When the app starts (if auto-update is on) or when you check manually, PipeVoice asks GitHub whether a newer version exists. This is the only network request the app makes on its own, without you choosing a cloud engine.
- It is an unauthenticated GET to the GitHub Releases API (api.github.com).
- It sends no user data: no settings, no identifiers, no query parameters. The only thing it includes is a fixed User-Agent string, "Pipevoice-updater".
- Your installed version is compared against the latest release tag locally, on your machine.
- If an update is available and you proceed, the app downloads the installer and its checksum from github.com, and verifies the installer with SHA-256 before running it.
- You can turn this off with the auto-update setting.
Browser "Get a key" links
When you click a "Get a key" link in the welcome or key-entry dialogs, the app simply opens the provider's signup page (such as platform.openai.com or console.deepgram.com) in your default browser. This is user-initiated, and the app itself sends no data. Once the page is open, that provider's own privacy policy applies.
Third parties the app may contact
Depending on the engines you choose, the app may contact:
- OpenAI (api.openai.com): transcription and/or AI cleanup, with your own key, only if you select it.
- Deepgram (api.deepgram.com): streaming transcription, with your own key, only if you select it.
- Google Gemini (generativelanguage.googleapis.com): AI cleanup only, with your own key, only if you select it.
- OpenRouter (openrouter.ai): AI cleanup only, with your own key, only if you select it.
- Ollama (localhost:11434): local AI cleanup, on your device, nothing leaves the machine.
- GitHub (api.github.com and github.com): update checks and installer downloads, with no user data sent.
- Hugging Face: only on first-ever use of the Local Whisper engine, to download the model file.
We are not one of these third parties, and we do not receive copies of anything sent to them. Each provider handles your data under its own privacy policy.
What the app explicitly does NOT do
- No analytics, no telemetry, no tracking, no crash reporting.
- No first-party or developer-operated backend server. The developers receive zero user data from the app.
- No storing of your audio or transcripts on disk.
- No transmitting of your settings, vocabulary, speech notes, or API keys to us.
The Website (pipevoice.app)
The website is separate from the desktop app and behaves differently. Unlike the app, the website does contact a couple of outside services, and it runs one serverless function we operate.
Email signup
If you enter your email address, we use it to send build and product update notifications and to offer early access to a future paid "Pro" tier.
- Your email is sent first to our own serverless function (hosted on Vercel), which then forwards it to Resend (api.resend.com), our email provider, where it is stored in a Resend audience. Only your email address is forwarded to Resend.
- There is an optional "Role" dropdown. Your role is used server-side for one thing only: deciding whether to also add your email to a second, segmented audience in Resend. The role value itself is not sent to Resend and is not stored anywhere.
- A hidden anti-spam field is used to catch bots. If it is filled in, the submission is silently dropped. Its value is never stored or sent anywhere.
Signing up is optional. After you click Download, a small modal appears offering to capture your email, but the app download proceeds either way, and you can choose "No thanks, just downloading." Your email is stored in Resend indefinitely until you unsubscribe or are removed. You can unsubscribe at any time, and you can contact us to have your email deleted.
Feedback you send
If you use Send feedback in the app, the message you type — plus your PipeVoice version and Windows version, and your email only if you choose to enter one — is sent to us so we can read and reply to it. Nothing is sent unless you click Send; we never transmit your audio or transcripts.
Google Fonts
The website loads its fonts (Geist and Geist Mono) from Google's CDN (fonts.googleapis.com and fonts.gstatic.com). Because your browser fetches these directly from Google, Google receives standard request information, including your IP address, on each page load. We do not control Google's handling of that data. It is covered by Google's own privacy policy.
Hosting and outbound links
- The site and its signup function are hosted on Vercel.
- The website links out to GitHub (source code and the app download) and to SignalEngine (a footer link). These are plain links and downloads. We do not send your data to them.
- Aggregate, anonymous visitor counts are stored in Upstash (a hosted Redis service). No personal data and no IP addresses are stored there.
Analytics and cookies on the website
The website sets no cookies and uses no localStorage, sessionStorage, or IndexedDB. We use no third-party analytics, no tag managers, no tracking pixels, and no third-party tracker scripts.
We do keep simple, first-party, aggregate analytics so we can see how many people visit. When a page loads, your browser sends the path you viewed, the referring website, and any campaign tags (the utm_source, utm_medium, and utm_campaign values in the link you followed, if present) to our own /api/track endpoint. To estimate how many distinct people visit without identifying anyone, we take a one-way hash that mixes your IP address, browser user-agent, and the current date with a secret, and feed only that hash into an aggregate counter (a HyperLogLog). That counter stores no identifiers and cannot be reversed. Your IP address itself is never stored, and because the hash includes the date it changes every day, so it cannot be used to follow you over time or across days. These aggregate counts are held in our own Redis datastore (Upstash). We collect no names and nothing that identifies you.
Your Rights and How to Delete Your Data
- App data. Everything the app stores lives on your own PC in %APPDATA%\PipeVoice\. You can delete any of it (settings, vocabulary, speech notes, your .env with your API keys, the log file) at any time, or uninstall the app to remove it. We hold no copy, so there is nothing for us to delete on your behalf.
- Your email on our list. You can unsubscribe at any time using the link in any email we send. To have your email address deleted entirely from Resend, contact us using the details below and we will remove it.
- Data sent to providers. Audio and text you send to OpenAI, Deepgram, Google Gemini, or OpenRouter using your own key are governed by those providers' own policies and your own account with them. Requests to access or delete that data should be directed to the provider.
Selling and Sharing Data
We never sell your data, and we do not share it for advertising. We do not have your app data to sell. The only place we forward any personal information is your email address to Resend, solely to operate the mailing list you chose to join. There are no ads in the app or on the website.
Children
PipeVoice is a general-purpose tool and is not directed at children. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this policy from time to time. When we do, we will change the "Last updated" date at the top. Please check back occasionally.
Contact
Questions about this policy, or want your email removed from our list? Email us at james@powleads.com.