Privacy Policy

Last updated: April 15, 2026

Overview

Dictura (“we”, “us”, “our”) is a voice-to-text dictation application available on macOS, Windows, and iOS. Your privacy is not an afterthought — it is the foundation of how we build our product. This policy explains what data we collect, how we use it, the legal basis for processing, and your rights.

By using Dictura, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use Dictura.

What We Do Not Store

We do not store, retain, or have access to:

Your voice recordings or audio data
Your transcribed text
Your translated text
The content of any text you dictate or type into Dictura

In on-device mode, all audio processing happens locally on your device using on-device speech recognition. No data is sent to any server — not ours, not a third party's. Your audio never leaves your device.

In cloud mode, audio is sent to our servers, which use OpenAI's API for transcription. Audio passes through our infrastructure transiently and is never stored or logged. OpenAI processes the audio and returns the text. The audio is not stored by OpenAI beyond what is needed to complete the request, and it is not used to train their models.

What We Do Collect

We collect a limited set of account and usage data:

Account information: Email address, name (if provided), and authentication credentials for account management.
Subscription data: Plan type, billing status, and payment transaction identifiers for billing purposes.
Usage metrics: Cloud transcription minutes consumed, feature usage mode, and platform — used for billing, service operation, and understanding how our features are used. We track the duration and mode, not the content.
Device identifiers: Limited device and interaction identifiers used for license validation, app functionality, and basic service analytics (such as platform distribution and app version adoption). These are not used for advertising or cross-app tracking.

How We Use Your Data

We use the data we collect for the following purposes:

To provide, operate, and maintain the Dictura service, including account management and cloud transcription
To process subscriptions and manage billing through our payment processors (Polar and Apple)
To enforce usage limits (e.g., cloud transcription minutes) and prevent abuse
To communicate with you about your account, service updates, and support inquiries
To improve the App by understanding aggregate usage patterns (not individual content)
To comply with legal obligations and protect our rights

We do not use your data for advertising, profiling, automated decision-making, or selling to third parties.

Legal Basis for Processing

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following bases under the General Data Protection Regulation (GDPR):

Contract performance (Art. 6(1)(b)): Processing of account information, subscription data, and usage metrics is necessary to perform our contract with you — i.e., to provide the Dictura service you signed up for.
Legitimate interests (Art. 6(1)(f)): Processing of device identifiers and aggregate usage analytics is based on our legitimate interest in operating, securing, and improving the App, provided this interest is not overridden by your fundamental rights. You may object to this processing at any time (see Your Rights below).
Legal obligation (Art. 6(1)(c)): We may process certain data to comply with tax, accounting, or other legal obligations.

Device Permissions

Dictura requests only the permissions necessary for its core functionality:

Microphone: Required for voice dictation on all platforms. Audio is processed as described above and never stored.
Speech Recognition (iOS): Used for on-device speech processing when available. All recognition happens locally on the device.
Accessibility (macOS): Used to detect the active application and insert transcribed text. Dictura does not read or log content from other applications.
Face ID / Biometrics (iOS): If enabled by you, used to protect access to the app. Biometric data is handled entirely by iOS and is never accessed by Dictura.

iOS-Specific Data Practices

The iOS version of Dictura includes a custom keyboard extension and additional system integrations. This section describes how data is handled in those contexts.

Keyboard Extension: The Dictura keyboard requires Full Access to communicate with the main app for dictation. The keyboard does not independently access, log, or transmit your keystrokes. Full Access is used solely to coordinate dictation recording with the main Dictura app.
App Groups: The keyboard extension and the main app share a limited set of non-personal operational data (dictation state, preferences, feature flags) via a secure App Group container. No audio, text content, or personal data is shared through this mechanism.
Keychain: Authentication tokens and session credentials are stored securely in the iOS Keychain, protected by the device's hardware security.
Background Audio: The app may briefly maintain an audio session in the background to complete an in-progress dictation. No recording occurs when you are not actively dictating.
Live Activities: Dictura uses Live Activities to display dictation status on your Lock Screen and Dynamic Island. This feature displays only operational status and transmits no personal data.

Cookies

The Dictura website uses a small number of cookies that are strictly necessary for it to function. We do not use any analytics, advertising, or tracking cookies.

Authentication cookies: Set by Supabase when you sign in. These maintain your login session so you do not have to re-authenticate on every page. They expire when your session ends or after the configured session lifetime.
Functional cookies: A small number of cookies used for site functionality such as caching administrative state. These contain no personal information.

Because all cookies used by Dictura are strictly necessary for the operation of the website, they are exempt from consent requirements under the ePrivacy Directive. We do not set any optional cookies, so there is nothing to opt out of.

Third-Party Services

We only share user data with the third-party services listed below. Each provider is contractually or legally bound to protect your data to the same or equal standard as described in this policy and as required by applicable App Store guidelines.

OpenAI: Used for cloud transcription, AI translation, and text polishing. Audio and text are processed per request and not stored or used for model training. See OpenAI's Privacy Policy.
Polar: Used for subscription billing on macOS and Windows as our Merchant of Record. Polar processes your payment information directly — we never see or store your credit card or financial details. See Polar's Privacy Policy.
Apple: On iOS, subscriptions are purchased and managed through the App Store. Apple processes all payment information for iOS transactions. Apple also provides Sign In with Apple for authentication. See Apple's Privacy Policy.
Google: Used for Google Sign-In authentication. We receive only your name and email address from Google to create your account. See Google's Privacy Policy.
Facebook: Available as an OAuth sign-in option. If you choose to sign in with Facebook, we receive your name and email address to create your account. See Meta's Privacy Policy.
GitHub: Available as an OAuth sign-in option. If you choose to sign in with GitHub, we receive your name and email address to create your account. See GitHub's Privacy Statement.
Supabase: Used for authentication and account data storage. Hosted in the EU. See Supabase's Privacy Policy.
Resend: Used for sending transactional emails such as account notifications and support communications. Resend processes your email address solely to deliver these messages on our behalf. See Resend's Privacy Policy.
Perplexity: Used for the voice search feature on desktop. When you use voice search, your spoken query is processed into text by Dictura and then sent to Perplexity to perform the search. Perplexity does not receive your audio — only the transcribed text query. See Perplexity's Privacy Policy.

Data Security

All communication between the Dictura app and our services uses TLS encryption. Account data is stored securely with Supabase. On-device transcription uses no network communication at all. Credentials on iOS are stored in the hardware-backed Keychain; on desktop platforms they are stored in the operating system's secure credential store. Dictation history and preferences are stored locally on your device and are not synced to our servers.

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy.

Voice recordings and transcriptions: Not retained. Audio processed via cloud mode exists only transiently during the API call and is immediately discarded.
Account data: When you delete your account, your personal data — including your account information, usage metrics, and device identifiers — is deleted immediately. The only exception is data we are legally required to retain (such as billing records required by tax and accounting regulations), which is retained for the minimum period required by applicable law.

International Data Transfers

Dictura is operated from the United States. Your account data is stored with Supabase, which is hosted in the European Union. However, when you use cloud transcription, your audio is processed by OpenAI, whose servers are located in the United States.

If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, your use of cloud features involves the transfer of data to the United States. Audio processed in cloud mode is transient and not stored — it is processed and immediately discarded, which minimizes any transfer risk. We require our service providers to protect your data to standards consistent with applicable data protection law.

Your Rights

Regardless of where you are located, you can at any time:

Request deletion of your account and all associated data by contacting support@dictura.com
Switch to on-device mode to ensure zero cloud interaction
Cancel your subscription and stop all cloud processing

Additional Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the GDPR or equivalent legislation:

Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate or incomplete personal data.
Right to erasure: You may request deletion of your personal data, subject to legal retention requirements.
Right to restrict processing: You may request that we limit the processing of your personal data in certain circumstances.
Right to data portability: You may request to receive your personal data in a structured, commonly used, machine-readable format.
Right to object: You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates applicable law.

To exercise any of these rights, contact us at support@dictura.com. We will respond to your request within 30 days, as required by law.

Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

Right to know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to delete: You have the right to request deletion of your personal information, subject to certain legal exceptions.
Right to correct: You have the right to request correction of inaccurate personal information.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide you a different level of service for exercising your rights.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than those permitted by the CPRA.

To exercise your rights, contact us at support@dictura.com. We will verify your identity before processing your request and respond within 45 days.

Children's Privacy

Dictura is suitable for users of all ages and is rated 4+ on the Apple App Store. We do not knowingly collect personal information from children under 13 without parental consent, as required by the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us at support@dictura.com and we will delete that information promptly.

For users in the European Economic Area, where the minimum age for data processing consent varies by country (typically 13–16), a parent or guardian must consent on behalf of any child below the applicable age in their jurisdiction.

Do Not Track

Dictura does not track users across third-party websites or services. We do not use advertising or analytics tracking cookies. Because we do not engage in tracking, we do not respond to Do Not Track (DNT) browser signals — there is nothing to turn off.

Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by posting the revised policy on our website with a new “Last updated” date and, where practicable, by providing notice through the App or by email. Continued use of Dictura after the effective date of a revised policy constitutes acceptance of those changes. If you do not agree to the updated policy, you must stop using Dictura.

Contact

If you have any questions about this privacy policy, wish to exercise your rights, or need to report a privacy concern, contact us at:

E-mail: support@dictura.com