Skip to main content

Enterprise

On-device dictation built for security teams

Voice Type runs locally on macOS. There is no ingestion API, no cloud store, and no analytics pipeline. That makes vendor review and ongoing compliance straightforward.

Security model

  • No analytics, crash logs, or telemetry shipped with the app.
  • No backend servers—marketing site is a static export and the app works offline.
  • Dictation stays on device; audio is never uploaded.
  • Optional bring-your-own-key rewrite goes from the device directly to your provider. We do not proxy, retain, or inspect the text.
  • Payments and licensing are handled by Apple via StoreKit. The only required network call is license verification.

HIPAA and HIPAA-eligible use

HIPAA applies when Protected Health Information (PHI) is transmitted to a vendor. Because Voice Type performs dictation entirely on-device and we never receive PHI, we are not a Business Associate and a BAA is typically not required.

  • Offline mode (default) keeps PHI local—no vendor data processing, making it HIPAA compatible out of the box.
  • If you enable LLM rewrites, contract directly with your chosen model provider (for example, through a BAA). Traffic flows from the device to that provider.
  • We provide a written attestation on request: “no analytics, no logging, no content processing.”

SOC 2 fit

SOC 2 evaluates controls for systems handling customer data. Voice Type does not operate a customer data processing service. For procurement we supply a concise security whitepaper, architecture diagram, and a minimal vendor questionnaire confirming “no customer data stored or processed.”

Network and MDM

  • Required allowlist: Apple StoreKit licensing endpoints.
  • Optional allowlist: the rewrite provider you choose (OpenAI, Groq, etc.). Requests originate from the device.
  • Distribution: Mac App Store—works with standard macOS MDM deployment flows.

Procurement kit

  • Security whitepaper and data-flow diagram (request via contact).
  • Completed vendor questionnaire showing no customer data processed, stored, or transmitted.
  • Priority email support for volume purchases.

How we compare

ProductWhere dictation runsCompliance postureNotes
Voice TypeOn device (macOS)No analytics, no logging, HIPAA-compatible offline modeOptional BYO-key rewrite flows device → provider; nothing passes through us.
Wispr FlowCloudSOC 2 Type II; HIPAA/HIPAA-ready with BAA and zero data retentionCross-platform with enterprise administrative controls.
OtterCloudSOC 2 Type II; HIPAA on Enterprise plan with BAA (July 10, 2025)Meeting agent and collaboration feature set.

Cloud vendor claims based on public disclosures as of October 2, 2025.

Talk to us

Need paperwork or a quick call with security? Reach out and we'll keep the review process short—there is very little to audit.

Contact