Privacy Policy

Our Privacy Commitment

At Mahasen Voice, we believe your voice data is yours and yours alone. We've built our application with a privacy-first architecture that ensures your voice recordings and transcriptions never leave your device after your transcription is completed.

What Data We Collect

1. Local Data (Stored Only on Your Device)

• Voice Recordings: WAV audio files of your dictations (encrypted with AES-256-GCM)
• Transcriptions: Text output from speech-to-text processing
• Application Settings: Your preferences, email signatures, hotkey configurations (encrypted)
• Recording History: Metadata about your recordings (timestamps, app context, word counts)
• Audit Logs: Security events for compliance (recording creation/deletion, settings changes)

2. Server-Side Data (Minimal)

• User Account: Email address, name (for authentication via Supabase)
• Subscription Status: Current plan, billing information (managed by Polar.sh)
• Device Fingerprint: Anonymous device ID for licensing (does not contain personal information)

3. Analytics Data (Anonymous)

We use PostHog for anonymous product analytics to improve the app experience.

• App launch events, feature usage patterns
• Error reports and crash logs (anonymized)
• Device type, OS version, app version
• We do NOT track: Voice content, transcription data, or any personal data

How We Use Your Data

• Voice Recordings & Transcriptions: Used solely for providing the voice-to-text service. Processed in real-time, then stored locally. Never used for AI training.
• Account Information: Used for authentication, subscription management, and customer support
• Analytics Data: Used to improve app performance, fix bugs, and understand feature usage
• Audit Logs: Used for security monitoring and compliance verification (SOC 2 requirements)

Data Security

We implement enterprise-grade security measures to protect your data:

• AES-256-GCM Encryption: All voice recordings are encrypted at rest using the same encryption standard used by banks and governments
• OS-Level Key Storage: Encryption keys are stored in your system's secure keychain (Windows DPAPI, macOS Keychain, Linux libsecret)
• Memory Clearing: Audio buffers are securely wiped from RAM after processing to prevent memory dumps
• Encrypted Settings: Your preferences and email signatures are encrypted before storage
• HTTPS/TLS: All network communication uses industry-standard encryption

Data Retention

• Local Data: Retained on your device until you delete it. You can optionally configure auto-cleanup in Settings (e.g., delete recordings older than 30 days)
• Account Data: Retained while your account is active. Deleted within 30 days of account closure
• Analytics Data: Anonymized data retained for 12 months for product improvement
• Audit Logs: Local audit logs rotated at 10MB. Older logs are archived locally

Your Rights (GDPR & Privacy Laws)

You have the following rights regarding your personal data:

Third-Party Services

We use the following third-party services:

• Supabase (authentication): Manages user accounts (Privacy Policy)
• Polar (payments): Handles subscription billing (Privacy Policy)
• PostHog (analytics): Anonymous product analytics (Privacy Policy)
• Anthropic Claude (AI processing): Real-time transcription and AI enhancement (data not retained)
• Groq (AI processing): Real-time transcription and AI enhancement (Privacy Policy)

Children's Privacy

Mahasen Voice is not intended for use by individuals under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Mahasen Voice after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights: