Privacy Policy — Just Say It

Last updated 2026-06-09.

What Just Say It is

Just Say It is a voice dictation tool for macOS. You hold a key, speak, and cleaned text is injected at your cursor in whatever app you're using. This page explains what the app can access, what each third party we use can see, and — importantly — the difference between what we can prove and what we can only point you to.

Permissions the app needs, and why

Microphone — to capture your speech while you hold the hotkey. Audio is captured only during an active recording session.
Accessibility — to inject the cleaned text at your cursor (synthesized keystrokes, a clipboard paste with restore, or the accessibility value API) and to detect injection failures.
Input Monitoring — to detect your configured hotkey in global keyboard events. We do not capture or transmit any keystroke other than the hotkey itself.
Optional, opt-in: crash and usage telemetry. Off by default.

What is provably true (verifiable in our code / by inspection)

These are guarantees our own architecture enforces — not promises about third parties:

No API keys on your device. All provider keys live only in our backend proxy.
No keylogging. We observe only the configured hotkey, never your other keystrokes.
No screen reading. We do not capture screen contents, window titles, or URLs.
We do not send the app you're using. Your Mac picks a tone hint (formal / neutral / casual) from the frontmost app locally; only that tone category — not the app's identity — is sent with a cleanup request. (App categories are sent only if you opt into analytics.)
Our proxy stores none of your content. It is a pass-through pipe: it does not write your audio or transcripts to disk or to any database, and it does not log their contents. The only things it records server-side are your email + a user id (so you can sign in) and a word count for usage limits — never the words themselves. (This "no content in logs" behavior is enforced by an automated test in our codebase.)
On-device data stays on-device unless you opt in. Your personal dictionary, your usage log, and correction captures live only on your Mac. The usage log holds no transcript text unless you turn on retention in Settings (off by default); correction-capture cloud sync is opt-in.
Script conversion adds no third party. Simplified→Traditional Chinese conversion runs inside our proxy with a bundled library — no extra network call, nothing stored.
TLS protects data in transit to our proxy and to our providers.

How your audio and transcript are handled by our providers

At v1, Just Say It is cloud-only (no offline mode yet). To turn your speech into clean text:

Your audio is streamed over TLS to our proxy, which pipes it to Soniox (speech-to-text).
Your transcript (plus tone, language, and your dictionary terms) is sent to Anthropic (Claude) for the reductive cleanup pass.

Our proxy stores none of this and does not log its contents (point 5 above). Once the data reaches our providers, their handling is governed by their own published policies, which we cite below. We are citing the providers' statements — we are not issuing our own absolute guarantees, and we have not yet obtained separate written confirmation from them:

Soniox (speech-to-text). We use Soniox's realtime streaming transcription (stt-rt-v4). For streaming use, Soniox's published security & privacy documentation states it does not store audio or transcripts and does not use them for training — Soniox security & privacy, Soniox privacy policy. (This describes the realtime streaming path we use; it is not a blanket claim about Soniox's other, async APIs, which we do not use.)
Anthropic (cleanup). We call the Anthropic API under commercial terms, for which Anthropic states that inputs and outputs are not used to train its models by default — Is my data used for model training?. Anthropic's consumer-terms update confirms those consumer terms do not apply to API use — Updates to our consumer terms. That default has opt-in exceptions (e.g. submitting message feedback); we do not submit message feedback.

If sending audio off-device to these providers is unacceptable for your work, this product is not yet right for you (an offline mode is not available at v1).

We have separately requested written confirmation of these commitments from both providers. Until that is in hand, treat the statements above as the vendors' own published policies (linked), not as guarantees we independently warrant.

What we do not commit to (so we stay honest)

Not HIPAA-eligible at v1 — do not use it for protected health information.
Not SOC 2 certified.
Cloud mode sends audio off-device — see the section above.
Not air-gap-suitable, even later in local mode, because the app checks for updates (Sparkle) and, if you enable it, sends telemetry.

Usage limits

Free tier: 8,000 words per week. Words are counted in a way that's comparable across languages — each non-Chinese word counts as one, and each Chinese character counts as one — so the limit is roughly the same amount of dictation whether you speak English, Chinese, or a mix. Empty or failed dictations are not counted.

Subprocessors

Subprocessor	Purpose	Data it can see	Retention / training	Notes
Soniox	Speech-to-text (v1 ASR, realtime streaming `stt-rt-v4`)	Your audio + transcript, in-flight	Per Soniox's published policy for streaming use: not stored, not used for training (security & privacy) — our separate written confirmation still pending	Our proxy stores/logs none of it (pass-through).
Anthropic	Transcript cleanup (Claude)	Transcript + tone/language/dictionary, in-flight	Per Anthropic's API/commercial policy: not used for training by default (policy); we submit no feedback — our separate written confirmation still pending	Our proxy stores/logs none of it.
(Cloud host)	Backend proxy infrastructure	TLS-terminated traffic	—	Hosting only.
Supabase	Sign-in + accounts/usage database	Email + user id; per-week word count	No transcripts or audio, ever	Used for auth + usage limits.
Sparkle	Update channel	Version-check requests only	n/a	EdDSA-signed updates.
PostHog (opt-in only)	Product analytics	App-category, latency, error codes; no transcripts	n/a	Off by default.

Security reporting

Report security issues privately to [email protected] (also published at /.well-known/security.txt).

Changes to this policy

We will update this page as our architecture and providers change — including upgrading the third-party sections above to firm guarantees once we have written confirmation. The engineering source of truth is SECURITY.md in the repository.