Privacy Policy

Last updated: May 10, 2026

Plain-language version. We don't sell your data. We don't track you across the web. Most users never sign in — for them, IndianWhisper runs 100% on-device. If you do sign in to sync transcripts across devices, we store specific fields in our database and you can ask us to delete them at any time. Details below.

1. What we collect

Free / anonymous users (no sign-in). Nothing leaves your device. The Mac app uses WhisperKit on Apple's on-device CoreML; the Windows app uses local Whisper.cpp; the Chrome extension uses your browser's built-in Web Speech API. We don't see your audio, your transcripts, your usage, or your IP address. No account is required to use the free tier.

Signed-in users (Pro, or free users who choose to sign in for cloud sync). When you sign in, you opt in to sending your transcripts to our database so they can sync across your devices. For each transcript, we store the following columns:

  • raw_text — the full transcript text
  • cleaned_text — optional LLM-cleaned version (only if you ran cleanup)
  • language — detected BCP-47 code (e.g. hi-IN, en-IN)
  • model_used — which transcription model produced it
  • duration_seconds, word_count, char_count — basic metrics
  • audio_sha256 — a hash of the audio (used only for dedupe; we do not store the audio file itself)
  • app_context — which app or website you were dictating into (e.g. {"app": "Slack"}) so the dashboard can group by source
  • metadata — flexible JSON for future fields, currently empty by default

We also store the email address you used to sign in (for authentication), and a per-device device_id so you can revoke a specific machine. We do not store the raw audio file. Ever.

2. Where we store it

Supabase (Postgres 15) in region ap-south-1 (Mumbai, India). Picking an Indian region is intentional: it keeps latency low for Indian users and keeps personal data local under the Digital Personal Data Protection Act 2023. Backups and point-in-time recovery snapshots stay in the same region.

3. Why we store it

  • Sync your transcripts across the devices you sign in on (Mac, Windows, Chrome, the future Studio web app).
  • Search across your dictation history (semantic search is on the roadmap, hence the chunked-embedding table).
  • Restore your work if you change machines or lose access to a local copy.

We do not use your transcripts to train models, sell to advertisers, or share with third parties for marketing. Period.

4. Retention

We keep your transcripts until you delete them. When you delete a transcript, we set a deleted_at timestamp on the row (soft delete) so a misclick can be undone for up to 30 days. After 30 days, a scheduled job hard-deletes the row from the database and from backups on their next rotation.

5. How to delete your data

Right now (May 2026): email support@indianwhisper.com from your account email. We'll confirm and hard-delete within 5 business days.

In Month 2 (target: June 2026): a one-click "Delete my account and all data" button in the in-app account dashboard.

6. Who else has access

Nobody outside of you. Every table that contains user data has Postgres Row-Level Security enabled with the rule auth.uid() = user_id. Even if a bug shipped a wrong query, the database itself would refuse to return another user's rows.

We don't routinely read transcripts. The only situation where a member of our team would look at a row is if you write to support and explicitly ask us to investigate something specific (e.g. "why didn't this transcript sync?"). We'll ask for written consent in the support thread before we run that query, and we'll only inspect the specific row you reference.

7. Cookies

The Mac app, Windows app, and Chrome extension use no cookies at all. The website at indianwhisper.com sets a Supabase auth cookie only after you sign in, and only to keep you signed in. We do not use Google Analytics, Facebook Pixel, Mixpanel, or any third-party tracking script.

8. Third parties we share data with

  • Lemon Squeezy — handles payment as our Merchant of Record. They see your billing email, country, and the amount paid. They process taxes (GST / VAT / sales tax) on our behalf. They never see your transcripts.
  • Resend — sends one-time login codes to your email. They see your email address and the code. They don't see your transcripts.
  • Supabase — our database and auth host. They are a data processor under our agreement; they don't access your data for any purpose outside running the database.
  • Vercel — hosts the indianwhisper.com website and API. They see request metadata (URL, status code, timing) but not your transcript content.

That's the complete list. No ad networks, no analytics SaaS, no data brokers.

9. Your rights

Under the DPDP Act 2023 (India) and GDPR (EU), you can ask us to:

  • Access — give you a copy of everything we store about you.
  • Correct — fix anything wrong (e.g. a typo in your email).
  • Delete — wipe your account and every row tied to your user_id.
  • Port — export your transcripts in JSON or CSV.
  • Withdraw consent — stop the cloud sync at any time. (Your local app keeps working.)

Email support@indianwhisper.com with the request. Response within 5 business days.

10. Source code

The website and Chrome extension are open source. You can audit how we collect data at github.com/aiagentwithdhruv/indian-whisper.

11. Contact

Operator: AIwithDhruv (Dhruv Tomar). India-based.
Email: support@indianwhisper.com

When this policy changes, we update the "Last updated" date at the top and notify signed-in users by email at least 14 days before any material change takes effect.

← Back to IndianWhisper·Terms of Service