Privacy10 min read

Wispr Flow Privacy: Where Does Your Voice Data Actually Go?

Wispr Flow processes dictation in the cloud, which means your voice leaves your Mac. Here's what that architecture actually means in practice, and how local processing differs.

Matt, Founder of Scrybapp
Matt

Founder of Scrybapp

The Basic Question

You dictate a paragraph. Where does the audio actually go before it becomes text on your screen? For a cloud-based dictation tool like Wispr Flow, the answer is straightforward based on their publicly stated architecture: your voice is recorded on your Mac, sent over the internet to a remote server, processed there into text, and the result is sent back to your device. That round trip is what makes cloud dictation possible at all — and it's also the entire privacy question in one sentence.

How Cloud-Based Dictation Pipelines Generally Work

This isn't unique to Wispr Flow — it's how most cloud speech-to-text products are built, including Aqua Voice and services like Otter.ai. The general pipeline looks like this:

  • Recording — audio is captured locally through your microphone.
  • Transmission — the audio is sent over the network to the provider's servers.
  • Processing — a speech-to-text model, running on that provider's infrastructure rather than your device, converts the audio to text.
  • Return — the resulting text is sent back and inserted wherever you were typing.
  • Retention — what happens to the audio and transcript after this point depends entirely on the provider's stated data policy, which varies by company and isn't something a third party can independently verify from the outside.

The privacy question isn't really about whether this pipeline exists — it has to, for cloud processing to work at all. The question is what happens at that last step, retention, and how much you're relying on a policy document rather than a technical guarantee.

Policy vs. Architecture

This is the distinction that matters most and gets glossed over most often. A company's privacy policy is a set of promises about how they say they'll handle your data — deletion timelines, whether data trains future models, who can access it internally. Those promises can be well-intentioned and still depend on the policy being followed correctly, the company not changing its terms later, and no breach or misconfiguration exposing data in the meantime.

An architectural guarantee is different: if audio never leaves your device in the first place, there's no server-side retention question to have a policy about, because there's nothing sitting on a remote server to retain. That's the core difference between cloud tools like Wispr Flow and local tools — one relies on a policy being honored, the other removes the scenario the policy would need to cover. Neither is inherently untrustworthy, but they are different kinds of risk, and it's worth knowing which one you're accepting before you dictate something sensitive.

What This Means in Practice

For casual dictation — a quick Slack message, a grocery list, a note to yourself — the practical risk of cloud processing is low regardless of the specifics. For anything involving client information, medical details, legal matters, unreleased business plans, or anything else you wouldn't want stored on a third-party server indefinitely, the calculus changes. That's also exactly why fields with strict data handling rules, like healthcare and law, tend to gravitate toward local-processing tools specifically — see our guides on HIPAA-compliant dictation on Mac and dictation software for lawyers for how that plays out in practice.

Cloud vs. Local: The Practical Difference

QuestionCloud Processing (e.g. Wispr Flow)Local Processing (e.g. Scrybapp)
Where is audio processed?Remote serversOn your Mac
Does audio leave your device?YesNo
Works without internet?NoYes
Relies on a retention policy?YesNo server data to retain
Ongoing cost modelSubscriptionOne-time license

The Offline Angle Nobody Mentions

There's a practical, non-privacy reason this matters too: cloud dictation simply stops working when you don't have a connection. On a flight, in a basement office, on a spotty hotel network — a tool that depends on round-tripping audio to a server has a hard failure point that a local tool never encounters. We cover this angle in more detail in local vs. cloud speech-to-text and offline dictation apps for Mac.

Where Scrybapp Fits

This is the exact gap Scrybapp is built around: 100% local Whisper-based processing, meaning audio never leaves your Mac in the first place, at any point, for any reason. There's no server to send data to, so there's no retention policy to trust or verify — the question doesn't apply. It also means dictation keeps working with no internet connection at all, and comes as a $19 one-time license rather than a recurring subscription tied to ongoing server costs.

This isn't a claim that cloud-based tools are reckless. It's a structural point: a policy is a promise about handling data that exists somewhere on a server. Local processing removes the "somewhere" entirely. For anyone dictating sensitive material regularly, that structural difference matters more than any specific line in a privacy policy.

The Bottom Line

Wispr Flow's cloud architecture isn't a secret or a scandal — it's simply how the product is built, and it's disclosed as such. But "cloud-based" has concrete implications: your voice travels to a server, processing depends on a written policy rather than a technical impossibility, and the whole system requires an internet connection to function. Whether that trade-off is acceptable depends on what you're dictating and how much you value not having to think about it at all.

Get Scrybapp

Voice dictation for Mac. 4x faster than typing, works in every app. 100% local, $19 once, no subscription.

Get Scrybapp for $19