Enterprise

On‑device by design. Nothing to collect. Nothing to leak.

Voice Type runs locally on macOS. We do not operate an ingestion API, a cloud store, or usage analytics. For most enterprises this is the simplest security posture: eliminate egress during dictation.

Security model

  • No analytics, no crash logs, no telemetry
  • No backend servers; the marketing site is static export
  • Dictation stays on device. Audio is not uploaded
  • Optional LLM rewrite uses your own key and goes directly from the device to your chosen provider. We do not proxy or retain text
  • Payments and licensing handled by Apple (StoreKit). The only required network call is license verification

HIPAA and “HIPAA‑eligible” usage

HIPAA applies to covered entities and their business associates when Protected Health Information (PHI) is created, received, maintained, or transmitted. Because Voice Type performs dictation on device and we do not receive PHI, we are generally not a Business Associate and a BAA is not applicable.

  • Offline mode (default): no PHI egress. This is a HIPAA‑compatible configuration with no vendor data processing
  • LLM rewrite: if you choose to send text to a model provider, you should contract directly with that provider (e.g., a BAA) and route traffic from the device to the provider. We do not intermediate or retain content
  • We provide an attestation of processing: “no analytics, no logging, no content processing” on request

SOC 2 fit

SOC 2 audits evaluate controls for systems that process customer data. We do not run a customer data processing service for the app. If your vendor intake requires SOC 2 documents, we provide a short security whitepaper, an architecture diagram, and a completed minimal‑data vendor questionnaire showing “no customer data stored or processed by the vendor.”

Network and MDM

  • Required allowlist: Apple StoreKit licensing
  • Optional allowlist: the rewrite provider you choose (e.g., OpenAI, Groq). Requests originate from the device
  • Distribution: Mac App Store; works with standard macOS MDM for install and app availability

Procurement kit

  • Security whitepaper and data‑flow diagram (request via contact)
  • Vendor questionnaire: we return a “no data processed/no analytics” attestation
  • Support: priority email support for volume purchases

How we compare at a glance

ProductWhere dictation runsCompliance postureNotes
Voice TypeOn device (macOS)No analytics, no logging, no backend servers; HIPAA‑compatible offline modeOptional BYO‑key rewrite goes device → provider, not through us
Wispr FlowCloudSOC 2 Type II; HIPAA/HIPAA‑ready with BAA and Zero Data RetentionCross‑platform with enterprise controls
OtterCloudSOC 2 Type II; HIPAA on Enterprise plan with BAA (July 10, 2025)Meeting agent and collaboration features

Cloud vendor claims based on their public pages as of October 2, 2025.

Talk to us

If your security team needs documents or a quick call, reach out. We keep the vendor review short because there is very little to review.

Contact