Privacy Policy
The short version. Voxmelt runs on your computer, not in our cloud. Your voice, your transcripts, the text the AI cleans up, and the prompts you write never leave your machine and never reach us - we built the app so there is nothing on our end to read. The only time anything touches the network is when you choose to: checking for an app update, creating an optional account to manage a paid plan, or paying for one. No telemetry, no analytics, no "anonymous" pings, no selling data, no training AI on your voice. Ever.
The core promise: your voice stays local. Voxmelt is local-first by architecture, not just by policy. Speech-to-text and AI post-processing run entirely on your machine - your microphone audio is transcribed by Whisper on your own GPU, and (on the Studio tier) cleaned up, summarised, rewritten, or re-toned by a local model served by Ollama. The audio, the transcript, the AI output, and the prompts and custom templates you write never go to us or any third party, because there is no server in the loop to receive them.
Audio lives in your computer’s memory only while you are recording, and is discarded when processing finishes. A transcript or AI output is written to disk only if you save or export it, and then it lives wherever you put it, under your control.
No telemetry. The app sends no usage analytics, no crash reports, no diagnostic pings, and no model inputs or outputs to us or any third party - and no file names, clipboard contents, or custom prompts. You do not need an account to record, transcribe, or use AI post-processing.
No voiceprints. Voxmelt does not create, extract, store, or transmit a biometric voiceprint or any other biometric identifier from your audio. Transcription converts speech to text on your device; no biometric template of your voice is generated by us or sent anywhere. Recording other people, where applicable consent and biometric-privacy laws (such as Illinois BIPA) require it, is your responsibility - Voxmelt gives you a local tool, and you are responsible for the legal basis to record and process the voices you capture.
The only data that ever leaves your machine. There are three optional, narrowly-scoped flows, and nothing else: anonymous app updates, an optional account, and billing if you subscribe.
App updates (anonymous). The app periodically checks our public releases feed on GitHub to see if a newer version is available, and downloads it if so. This is an ordinary file fetch with no identifier attached; what GitHub logs for any public download is governed by GitHub’s own privacy statement. You can disable automatic updates in Settings → About → Updates.
Your account (optional - only to manage a paid plan). You can use Voxmelt’s free tier and trial with no account at all; an account exists only to attach a paid (Pro or Studio) license to you. If you create one, we store - in Supabase (region ap-south-1, Mumbai), under row-level security so only you can read your own row - your email address, your plan and license status, and basic authentication metadata managed by Supabase.
Billing (optional - only if you subscribe). Payments are handled by Razorpay. We never see or store your full card number. From Razorpay we receive only what is needed to operate your subscription: a customer or subscription identifier, your subscription status and renewal date, a country code for tax, and the last four digits of your card for display in your billing page. Razorpay’s own privacy policy governs the data it holds.
Signing in with Google (Google SSO). Creating an account is optional - you can use Voxmelt to record and transcribe without one; an account exists only to manage a paid license. If you choose to sign in, you can use either email and password or the "Continue with Google" option.
When you sign in with Google, we request only the basic sign-in scopes Google provides for authentication - your email address, your name, and your profile picture. We do not request, receive, or store any other Google data. We access no contacts, Gmail, Drive, Calendar, or any other restricted or sensitive Google scopes.
We use the information received from Google sign-in for one purpose only: to create and authenticate your Voxmelt account and link your license/plan to you. We do not use Google sign-in data for advertising, profiling, or any unrelated purpose; we never sell or rent it; we do not share it with third parties other than Supabase, our authentication and database processor acting on our behalf; and we never use it to train any AI or machine-learning models.
Voxmelt’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
You stay in control. Your Google profile data is stored in Supabase under row-level security so only you can read your own record. You can revoke Voxmelt’s access at any time from the "Third-party apps & services" page of your Google Account, and you can request deletion of your account record at any time - deleting it removes the email, name, and profile picture we stored.
Who we share data with. We share data only with the processors needed to run the optional account and billing features: Supabase (authentication and database), Razorpay (payments), GitHub (anonymous app-update fetches), and Google (only if you choose Google sign-in). We will not share your data with anyone else without your consent, except where strictly required by law, such as a valid court order.
Where data is stored, and how long. Everything you record, transcribe, or generate stays on your computer until you delete it, and local app settings live under %APPDATA%\app.voxmelt.desktop\ until you uninstall. Account email and plan status are stored in Supabase (ap-south-1, Mumbai) for as long as your account exists and are deleted within 30 days of account deletion. Razorpay billing records may be retained as long as tax and accounting law requires (typically up to 7 years). Where data must cross borders, we rely on appropriate safeguards such as Standard Contractual Clauses where required.
Your rights. If you have an account, you can at any time access or export your account data, correct it, delete your account and associated data (Settings → Account → Delete account), withdraw Google sign-in by revoking access from your Google Account, and object to, restrict, or port your data - just email help@voxmelt.com. Region-specific rights apply and we honour them: GDPR and UK GDPR (EEA, UK, Switzerland), the CCPA/CPRA (California, including the right to know, delete, correct, and opt out of sale or sharing, which we do not do anyway), and the Digital Personal Data Protection Act 2023 (India). If you do not have an account, only local data exists - delete it by clearing your settings or uninstalling Voxmelt.
Children. Voxmelt is not directed at children under 13 (or under 16 in the EU), and we do not knowingly collect data from children. If you believe a child has provided us account data, email help@voxmelt.com and we will delete it.
Security. The strongest privacy control here is structural: the sensitive data never leaves your device, so there is no server for an attacker to breach. For the limited account data we do hold, we use encryption in transit (TLS), encryption at rest where supported, row-level security, and least-privilege access. No system is perfectly secure; if you suspect a problem with your account, email help@voxmelt.com immediately. If we ever discover an incident affecting your account data, we will notify you and, where required, the relevant authority within 72 hours.
Changes and contact. We may update this policy; material changes will be announced in the app (Settings → About) and on this page, and if a change ever expands what we collect, we will say so plainly rather than bury it. Privacy questions, data-rights requests, or complaints: help@voxmelt.com.