Is My Voice Data Safe? A Look at Our Security and Privacy

The short answer: AICHE encrypts local data with AES-256-GCM, streams audio to Groq over modern TLS, transcribes it in seconds, and discards the audio immediately after processing, within 1 second. Cloud sync is end-to-end encrypted with an Argon2id-derived key only you hold.

Dictating sensitive business information, client names, or personal thoughts requires absolute trust that your voice recordings won't be stored, leaked, or used for training AI models.

How It Works

1. When you record, audio is held on-device in an encrypted store - hardware-bound AES-256-GCM files on Mac, iOS Data Protection on iPhone and iPad, and the platform's File-Based Encryption on Android.
2. When processing starts, AICHE sends the audio to Groq over modern TLS (1.3 where the OS supports it). On iOS and Android the connection adds certificate pinning so the app only trusts the exact server certificates we ship.

3. Groq transcribes the audio and returns the text. AICHE then runs its cleanup pipeline (hallucination filter, filler removal, punctuation, custom vocabulary, optional Software Development profile, fast LLM polish) with zero retention at each step.
4. The audio is discarded immediately after processing, within 1 second. Not archived, not moved to cold storage, not retained for any purpose.
5. Only the text transcription returns to your device, where it's stored in your encrypted local history.
6. We log no IP addresses, no timestamps, no behavioral data. Zero retention means zero data to leak or subpoena.

Heads-up: while audio is discarded immediately after processing, within 1 second, text transcriptions stay in your local encrypted history until you manually delete them. If you dictate sensitive information, clear your history regularly from the History panel.

The pro-tip: the Later queue keeps offline recordings on your device until you process them. These files are AES-256-GCM encrypted, but they exist as audio until processed. For maximum privacy, process your Later queue promptly when internet returns.

The Data Lifecycle

Understanding exactly where your voice data exists at each moment helps you make informed decisions about what to dictate.

Step 1: Recording (Your Device Only)

When you press the hotkey, audio is captured by your microphone and held in AICHE's local encrypted store. On Mac, that's AES-256-GCM encrypted files in a secure store with keys hardware-bound to the machine's UUID. On iPhone and iPad, it's Apple's iOS Data Protection - the same encryption that secures Messages, Mail, and Photos - with credentials in the iOS Keychain. On Android, it's the OS's File-Based Encryption with auth tokens stored in EncryptedSharedPreferences backed by the Android Keystore. At this point, your recording exists only on your device, fully encrypted.

Step 2: Transmission (Encrypted in Transit)

When you stop recording, AICHE sends the audio to Groq over modern TLS (TLS 1.3 where the OS supports it; older Android versions may negotiate TLS 1.2). On iOS and Android the connection adds certificate pinning - the app only trusts the exact server certificates we ship. The connection is authenticated and encrypted, so no intermediary (ISP, network admin, WiFi operator) can read the audio stream.

Step 3: Processing (Transient Server Presence)

Groq transcribes the audio. AICHE then runs its post-Whisper pipeline: an empirical hallucination filter, filler-word and stutter removal, punctuation and paragraph normalization, your custom vocabulary (50 entries per user), the Software Development profile if you're on Pro, and a fast LLM polish. The audio file exists only during processing and is discarded immediately after processing, within 1 second.

Step 4: Deletion (Immediate, Permanent)

The moment transcription completes, the audio file is discarded. Not archived, not moved to cold storage, not retained for any purpose. The only data that returns to your device is the text transcription. The LLM polish step doesn't log, doesn't train, doesn't store.

Step 5: Local Storage (Your Control)

The text transcription is stored in your local encrypted History. You control this data completely - view it, search it, copy it, or delete it whenever you choose.

Telemetry: What Actually Leaves Your Device

AICHE runs a deliberately narrow telemetry surface.

On desktop (macOS, Windows, Linux): nothing automatic. No analytics SDK silently shipping behavior or usage data. The only desktop diagnostic surfaces are user-initiated: either the OS-level "share with developer" prompt that macOS and Windows show after a crash (which you have to accept), or a manual "Send Diagnostic Report" button you click yourself. Nothing leaves the desktop app without explicit per-event consent.

On mobile (iOS, Android): Privacy-first analytics. Firebase Analytics tracks sign-in and subscription events only. Your transcription content, your audio, your recordings, and your sharing behavior stay out of the pipeline. On Android, no ad ID is collected.

Your audio is yours. Recordings and transcriptions are never used to train or fine-tune any AI model. Your voice data isn't a product.

Encryption Details

Local Storage: AES-256-GCM

All local data - recordings in the Later queue, text in History, account credentials - is encrypted with AES-256-GCM, the standard used by governments and financial institutions for classified information. The mechanism is tuned to each platform: on Mac, AES-256-GCM encrypted files in a secure store with keys hardware-bound to the machine's UUID. On iPhone and iPad, Apple's iOS Data Protection - the encryption layer behind Messages, Mail, and Photos - with credentials and key material held in the iOS Keychain. On Android, File-Based Encryption at the OS level with auth tokens in EncryptedSharedPreferences backed by the Android Keystore.

If someone copies your AICHE store off your device, they get an encrypted blob bound to hardware they don't have.

Cloud Sync: End-to-End Encryption

If you opt into cloud sync, your passphrase derives an encryption key locally via Argon2id (memory 65536 KiB, iterations 3, parallelism 4). The server only ever sees encrypted ciphertext. Only you can decrypt your notes.

Transit: Modern TLS + Certificate Pinning on iOS and Android

Audio travels between your device and Groq over modern TLS - TLS 1.3 where the OS supports it (iOS, macOS, and Android 10+), with older Android versions negotiating TLS 1.2. TLS provides forward secrecy - even if a session key were compromised in the future, past transmissions remain encrypted with different keys. On iOS and Android, AICHE adds certificate pinning, so the app only trusts the exact server certificates we ship.

Compliance and Business Use

For organizations handling sensitive data, AICHE's zero-retention architecture means voice dictation doesn't create new compliance obligations around data storage. Since audio is discarded immediately after processing, within 1 second and text lives only on the user's device, there's no server-side data to audit, subpoena, or breach.

This makes AICHE suitable for environments with strict data handling requirements - legal firms dictating case notes, healthcare professionals recording patient summaries (stored locally and encrypted), and financial services professionals discussing client matters.

For full technical details on our security architecture, visit the AICHE Trust Center.

What You Get

• AES-256-GCM at rest. Local recordings, Later queue audio, and cloud sync ciphertext all encrypted to the same standard.
• Argon2id key derivation for cloud sync. Memory 65536 KiB, iterations 3, parallelism 4. The server never sees your key.
• Modern TLS in transit (TLS 1.3 where the OS supports it), with certificate pinning on iOS and Android.
• Audio retention: discarded immediately after processing, within 1 second. Named provider: Groq. No persistent audio storage.
• No automatic desktop telemetry. Diagnostics on macOS, Windows, and Linux are user-initiated: the OS-level "share with developer" prompt after a crash, or a manual Send Diagnostic Report button.
• Privacy-first mobile telemetry. Firebase Analytics for sign-in and subscription events only - no transcription content, no audio, no recordings, no sharing behavior tracked. On Android, no ad ID is collected.
• Recordings never train any AI model.

Personal is $4.99/mo monthly or $3.99/mo on annual. Pro is $9.99/mo monthly or $8.33/mo on annual. From $3.99/mo with a 7-day free trial, no credit card. See pricing.

Result: you dictate 50 voice notes containing client information over two weeks. Each audio file exists only during processing, then is discarded immediately after processing, within 1 second. Nothing remains anywhere except encrypted on your local device.

Do this now: check the privacy indicator in AICHE's interface to confirm zero retention is active, then review the full security documentation at aiche.app/trust.