— Privacy Policy

Your voice. Your words. Your machine.

Last updated · April 22, 2026

TL;DR

We built rekody privacy-first. The open-source CLI sends nothing to our servers. rekody Pro adds a cloud proxy for premium engines — we transcribe your audio and immediately discard it. We never store your transcripts, and we never train models on anything you dictate.

Overview

This policy explains what data rekody collects, how we use it, and the choices you have. It applies to rekody (the open-source CLI at github.com/rekody/rekody), rekody Pro (the paid desktop app), our website at rekody.com, and any services we operate under the rekody brand (collectively, "rekody").

rekody is operated by Tony Kipkemboi, an individual sole proprietor based in the United States. If we incorporate an entity in the future, we will update this policy with the new controller of your data.

Two products, two data paths

rekody ships in two forms. The data we receive depends on which one you use.

rekody CLI (free, open source)

The CLI is MIT-licensed software that runs entirely on your Mac. Audio capture, voice activity detection, transcription (via local Whisper or a cloud provider you configure with your own API key), cleanup, and text injection all happen on your device. We do not operate any server that the CLI talks to. If you install from Homebrew or download a release, the only data we see is standard download logs from those platforms — not from us.

If you configure a third-party speech-to-text or LLM provider with your own API key, your audio and text are sent directly from your Mac to that provider under their terms. We are not in the middle.

rekody Pro (paid)

Pro adds features that require a server: account management, licensing, a managed cloud proxy for premium engines, and usage metering. When you use Pro, audio and text pass through our infrastructure on their way to the AI provider. The details of what we store — and what we don't — are below.

Information we collect

Account information

When you sign up for rekody Pro, we collect your email address, a hashed password (or an OAuth identifier if you sign in with Google or Apple), and a display name if you provide one. This is the minimum needed to operate your account.

Billing information

Payments are handled by our payment processor. We do not receive or store your full card number, CVV, or bank account details. We receive a processor-issued customer ID, the last four digits of your card, card brand, billing country, and subscription state (trial, active, canceled).

Audio and transcripts

When you dictate with Pro using the managed proxy, your audio is streamed to our servers, immediately forwarded to the AI provider, and the returned transcript is streamed back to your Mac. Audio is held in memory only for the duration of the request and is never written to disk on our servers. Transcripts are likewise not persisted — they are injected at your cursor on your device and then discarded by us.

If the AI provider experiences a transient failure, we may log the timestamp and an opaque error identifier — never the audio itself or the text.

Usage data

For billing and fair-use enforcement, we record metered usage per account: the number of dictation sessions per day, the total audio minutes processed, and which engine was used (e.g. deepgram-nova-3, whisper-large-v3). These counters do not include any content from your dictations.

Device and diagnostic information

The Pro app reports anonymized diagnostics to help us debug crashes and measure reliability: your macOS version (e.g. 14.4), CPU architecture (Apple Silicon or Intel), rekody version, a randomly generated install ID (no persistent fingerprint), and anonymized error traces. This is opt-out — toggle it off in Settings → Privacy, and the app stops sending diagnostics entirely.

Website and support

Our website uses privacy-friendly analytics (Vercel Analytics) which does not set tracking cookies or collect personal data. If you email us for support, we receive your email address and whatever you choose to include in the message.

How we use information

We use the data we collect only for these purposes:

  • Operate the service. Authenticate your license, route your dictation through the right engine, meter usage against your plan, and deliver transcripts back to your Mac.
  • Bill and support. Process payments, send receipts, handle subscription changes, and respond when you email us.
  • Improve quality. Fix bugs from anonymized crash reports, measure feature reliability, and decide what to build next.
  • Protect the service. Detect abuse (e.g. a single license used across thousands of machines), prevent fraud, and comply with legal obligations.

We do not use your data for any other purpose without asking you first.

What we never do

  • We do not train AI models on your audio, transcripts, or any content you dictate. Not ours, not anyone else's.
  • We do not sell your data. To advertisers, to data brokers, to anyone.
  • We do not profile you for advertising or run ad networks on our properties.
  • We do not retain your dictation content. Audio is discarded immediately after transcription; transcripts are never stored server-side.
  • We do not share your content with the AI providers beyond what's needed to transcribe it, and we choose providers that contractually agree not to train on our traffic.

Sub-processors

We use a small number of third-party services to run rekody Pro. Each one is bound by a data-processing agreement that limits what they can do with your data. This list is current as of the "Last updated" date above — we revise it when we add or remove a vendor.

VendorPurposeData processed
Cloud hosting providerApplication servers, databaseAccount info, usage counters
Payment processorSubscriptions, invoicingBilling details (we never see the card)
Authentication providerLogin, password reset, OAuthEmail, hashed password or OAuth ID
Speech-to-text providersPremium transcription enginesAudio stream (not persisted by us)
LLM providersCleanup / post-processingRaw transcript (not persisted by us)
Email deliveryTransactional email (receipts, alerts)Your email, message content
Error monitoringCrash reports, diagnosticsAnonymized stack traces, device info
Website hosting + analyticsrekody.comIP-anonymized traffic data

Our current vendor selections for each category, along with their data-processing addenda, are published at rekody.com/subprocessors and updated when anything changes.

Data retention

  • Audio: Held in memory only. Never written to disk. Lifetime measured in seconds.
  • Transcripts: Same — never persisted server-side.
  • Usage counters: 13 months, then deleted.
  • Account records: For as long as your account is active, plus 30 days after deletion (to allow recovery), then purged.
  • Billing records: 7 years, as required for tax and accounting.
  • Support emails: 2 years after the last response.
  • Diagnostic/crash data: 90 days.

Your rights and choices

No matter where you live, you have the following rights with respect to your data held by rekody:

  • Access — Request a copy of the data we hold about you.
  • Correct — Ask us to fix anything inaccurate.
  • Delete — Close your account and purge your records. You can do this from the Pro app (Settings → Account → Delete account) or by emailing us.
  • Export — Download your account data in a portable format.
  • Object — Turn off diagnostics, opt out of marketing email, or ask us to stop a specific processing activity.

If you're in the EU, UK, Switzerland, or a US state with a comprehensive privacy law (California, Colorado, Connecticut, Virginia, Utah, and others), you have the same rights under your local law. We honor requests regardless of where you are. To exercise any of them, email support@rekody.com — we respond within 30 days.

California residents specifically: we do not sell or share personal information as those terms are defined by the CCPA/CPRA.

Cookies and analytics

Our marketing website uses one strictly necessary session cookie and privacy-friendly analytics (Vercel Analytics) that does not set any tracking cookies. The Pro app does not use web cookies at all.

We do not use third-party advertising cookies, remarketing pixels, or cross-site tracking. We do not have a Google Analytics or Meta Pixel.

Children

rekody is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided us data, email support@rekody.com and we will delete it.

International transfers

Our servers are hosted in the United States. If you use rekody from outside the US, your data will be transferred to and processed in the US. For transfers from the EEA, UK, and Switzerland, we rely on the European Commission's Standard Contractual Clauses with our sub-processors.

Security

Our security practices are documented on the dedicated security page. The short version: encrypted in transit (TLS 1.3), encrypted at rest (AES-256), zero retention for audio and transcripts, signed and notarized app binaries, and a vulnerability disclosure program at security@rekody.com.

Changes to this policy

If we make material changes, we'll update the "Last updated" date at the top and — for material changes that affect you — notify you by email at least 30 days before the change takes effect. Historical versions are available on request.

Contact

Privacy questions: support@rekody.com
Security disclosures: security@rekody.com
General support: hi@rekody.com

Postal: Tony Kipkemboi (d/b/a rekody), United States. Full mailing address available on request.