Limited time: Save up to 33% on every planView pricing
Voibe Logovoibe Resources
handyis handy safehandy privacyhandy open sourcehandy dictationon-device dictation privacyopen source dictationprivacy

Is Handy Safe? Free, Open-Source, On-Device (2026)

Is Handy safe? Yes β€” MIT-licensed, all transcription on-device, zero telemetry in the code, no cloud STT path at all. Caveats: young project, donation-funded.

Is Handy Safe? The Direct Answer

TL;DR: Yes β€” Handy is safe by architecture, and the architecture is unusually easy to trust because there is nothing to take on faith. Handy is a free, MIT-licensed, open-source push-to-talk dictation app for macOS, Windows, and Linux. For this investigation we audited the full source at github.com/cjpais/Handy (25,800+ stars as of July 2026): no cloud transcription path exists anywhere in the codebase β€” all 65 supported speech models across 13 families (Whisper, Parakeet, Moonshine and more) run locally β€” and a sweep for telemetry and analytics SDKs returns zero hits. The homepage promise, “Your voice stays on your computer,” and the developer's own answer when asked whether audio reaches his servers β€” “It's all local” β€” are verifiable in code.

An honest audit still has findings β€” none disqualifying:

  • There is no privacy policy document at all. handy.computer/privacy returns a 404. What stands in for a policy is marketing copy plus auditable source β€” which is arguably stronger than an unaudited policy, but gives procurement nothing to file.
  • Two default behaviors to know about. The update check (a GET to GitHub releases) is on by default and toggleable in Settings; and the README roadmap lists “Opt-in Analytics” as planned β€” not shipped in v0.9.0, but worth re-checking each release.
  • It is a donation-funded, solo-maintained young project. Developer CJ Pais (the community contributor behind Mozilla-adopted whisperfile) maintains it with ~116 contributors and biweekly releases, funded by GitHub Sponsors and donations. No company, no SLA, and an issue tracker with real platform bugs β€” including a macOS freeze if the Accessibility permission is revoked while the app runs.

Bottom line: for privacy-conscious dictation at $0 on any desktop platform, Handy is the reference answer, and this page is a genuine recommendation β€” Handy is an on-device privacy peer of Voibe, and the honest comparison between them is about support, polish, and workflow, not privacy.

Disclosure: Voibe is our product, and Handy competes with it β€” at $0. That is why this page leans on verifiable evidence: claims are grounded in the public MIT source (v0.9.0, audited July 6, 2026), the project README, handy.computer, and our own Handy review and pricing guide.

Key Takeaways: The Handy Safety Picture

AreaCurrent State (July 2026)Source
Processing architectureAll transcription on-device: 65 local models across 13 families (Whisper via transcribe-cpp, Parakeet via ONNX, Moonshine, and more) with bundled Silero voice-activity detection. No cloud STT path exists in the code.Source audit (v0.9.0)
License & auditabilityOpen-source MIT at github.com/cjpais/Handy β€” 25,823 stars, 2,214 forks, 116 contributors, 58 releases. Name/logo are trademarked; the code is free to fork.GitHub repository
TelemetryNone β€” zero analytics/telemetry/crash-reporting SDKs or code in the Rust + TypeScript source. Roadmap lists “Opt-in Analytics” as planned, unshipped.Source audit + README roadmap
Privacy policyNone exists β€” handy.computer/privacy returns 404. The de facto policy is the homepage claim (“Your voice stays on your computer”) plus the auditable source.handy.computer (absence)
Transcript storageLocal SQLite history with a default limit of 5 recent transcripts; recordings retention conservative by default; always-on microphone off by default.Source audit (settings defaults)
AI trainingNo vendor server receives audio or text β€” there is nothing to train on, and no code path that could.Architecture (verified)
Update checkOn by default against GitHub releases; toggleable in Settings; releases signed (minisign format; Windows builds additionally via Azure Trusted Signing).Source audit + README
Optional cloud surfaceLLM post-processing only β€” off by default, BYOK, and it sends transcript text, never audio. Fully local alternatives built in: Ollama and Apple Intelligence.Source audit (settings + actions)
Developer & entitySolo maintainer CJ Pais (creator of Mozilla-adopted whisperfile); no company or legal entity; contact@handy.computer. Donation-funded (GitHub Sponsors, Stripe, PayPal, Ko-fi).LICENSE + cjpais.com + FUNDING.yml
Compliance attestationsNone β€” no SOC 2, ISO 27001, HIPAA claim, BAA, DPA, or formal security-disclosure process.GitHub + handy.computer (absence)
PricingFree. No paid tier, no account, no trial mechanics β€” funded by sponsors and donations.handy.computer
Third-party signalHacker News front page twice (237 and 247 points); Product Hunt 5.0/5 from 4 reviews (small sample); ~8,000 Homebrew installs in the last year. Our hands-on review: 7.5/10.HN + Product Hunt + Homebrew
Known maturity issuesOpen bugs include a macOS system freeze if Accessibility permission is revoked while running, Linux/Wayland gaps, and crashes on some older CPUs.GitHub issue tracker
Public incidentsNone β€” no CVEs or security advisories published.GitHub security tab, July 2026

The rest of this article walks the evidence: the local-only audio pipeline, the complete network ledger, the honest caveats of a donation-funded young project, and how to set Handy up for maximum privacy.

How Handy Processes Your Voice: Local Models, No Cloud Path

Handy free open-source dictation app β€” MIT-licensed, cross-platform on macOS, Windows, and Linux, with all 65 supported speech models running locally and no cloud transcription path anywhere in the codebase
Handy (handy.computer) β€” free, MIT-licensed push-to-talk dictation. The audio pipeline has no cloud branch at all.

Handy is a push-to-talk dictation tool: hold (or toggle) a configurable hotkey, speak, release, and the transcript pastes into whatever app has focus. It is built in Rust and TypeScript on Tauri, and the same local pipeline runs on macOS (Intel and Apple Silicon), Windows, and Linux.

  • The audio pipeline is local, full stop. Audio goes microphone β†’ bundled Silero voice-activity detection β†’ a local speech model β†’ pasted text. The v0.9.0 catalog spans 65 models across 13 families β€” Whisper (GGUF via the project's transcribe-cpp engine, with streaming support since v0.9.0), Parakeet (ONNX), Moonshine, Canary, Granite, Voxtral and more. One naming trap our audit resolved: the “Cohere Transcribe” entry is a local GGUF quantization of Cohere's open Apache-2.0 speech model β€” not a cloud API.
  • There is no cloud transcription endpoint in the codebase. Not opt-in, not fallback β€” none. A full sweep of hardcoded domains across the source finds model hosts, the update endpoint, and the optional post-processing endpoints described below, and nothing else. When a Hacker News user asked the developer whether audio is sent to his servers, his answer was three words: “It's all local.” The MIT license means you don't have to take even that on trust.
  • History is small by default. Transcripts land in a local SQLite database with a default limit of five recent entries, recordings retention is conservative, and the always-on microphone option ships disabled.
  • The one optional cloud surface carries text, never audio. If you enable LLM post-processing (off by default) and configure a provider with your own API key β€” OpenAI, Anthropic, Groq, OpenRouter, Cerebras and others β€” the function receives the finished transcript string for cleanup. Two fully local options are built in: Ollama on localhost and Apple Intelligence on-device.

Architecturally, this is the leanest privacy story in the category: fewer moving parts than hybrid tools, no account system, no vendor server that could retain anything. For the framing, see our cloud vs local dictation guide.

Open Source Under MIT: Every Network Call, Enumerated

Open source earns trust when someone reads it. We cloned Handy v0.9.0 (released July 1, 2026) and swept every domain referenced in the Rust and TypeScript source. The Handy Network Ledger β€” the complete list of outbound connections the app can make:

  1. Model downloads β€” blob.handy.computer and Hugging Face. Speech models download when you install them, from the project's own blob host (classic Whisper GGML files) and from Hugging Face repositories for the newer GGUF/ONNX catalog. User-initiated only; the README even documents fully manual offline installation for restricted networks.
  2. Update check β€” GitHub releases. A fetch of latest.json from the project's GitHub releases. It ships enabled but is a first-class toggle in Settings, and the code hard-gates on the setting β€” flipped off means no call. Releases are signed in Tauri's minisign format (public key in the repo, manual verification documented), and Windows builds are additionally signed via Azure Trusted Signing.
  3. Optional BYOK post-processing endpoints. Only when you enable post-processing and add a key. Text only, never audio β€” and never at all if you point it at Ollama (localhost) or Apple Intelligence (on-device).
  4. Nothing else. No analytics endpoint, no crash reporter, no account service, no license server β€” there is no license to check, because there is nothing to buy.

On telemetry, the current truth and the roadmap deserve equal billing. Today: zero telemetry β€” the dependency manifests contain no analytics SDK, and a source-wide grep for PostHog, Sentry, Mixpanel, Amplitude, Segment, Crashlytics and friends returns nothing. Planned: the README roadmap lists “Opt-in Analytics: Collect anonymous usage data to help improve Handy / Privacy-first approach with clear opt-in.” If that ships as described β€” opt-in β€” it changes nothing by default; the responsible move for a privacy-sensitive user is to re-check the changelog on major releases. We will keep this page current if it lands.

During dictation on a local model, outbound traffic is zero. Run Little Snitch (or any outbound firewall) and watch β€” the same verification we recommend for every on-device tool in this series.

The Nuances an Honest Audit Finds

A recommendation is only useful if it also reports the corners. Five findings, none disqualifying:

  • No privacy policy exists. handy.computer/privacy is a 404, and the repo has no privacy document. What you get instead is a homepage promise (“Your voice stays on your computer. Get transcriptions without sending audio to the cloud”), a README statement (“This happens on your own computer without sending any information to the cloud”), and code that anyone can check. For individuals that trade is arguably favorable; for organizations that must file a vendor's policy, there is nothing to file.
  • The update check defaults to on. It is a plain versions fetch against GitHub, clearly toggleable, and the releases it fetches are signature-verified β€” but a default outbound call is worth knowing about, and turning it off shifts the update responsibility to you.
  • “Opt-in Analytics” is on the roadmap. Unshipped as of v0.9.0, and framed as opt-in β€” but roadmaps are commitments of direction, so re-check release notes. (This is the same discipline that caught a competitor's closed-source telemetry mismatch in our Wisprtype investigation β€” the difference here is that when Handy ships it, the code will show exactly what it does.)
  • No security formalities. There is no SECURITY.md, no vulnerability-disclosure process, no third-party audit, and no published advisories (also: no CVEs on record). Standard for an indie project; below the bar for regulated procurement.
  • Maturity bugs are real. The tracker documents a macOS system-wide freeze if the Accessibility permission is revoked while Handy is running, first-run permission-detection issues, Wayland fragmentation on Linux (hotkeys/text insertion need helper tools; first-character clipping on GNOME), crashes on CPUs lacking AVX2, and an intermittent long-dictation freeze. None of these is a privacy problem β€” they are the texture of a fast-moving, donation-funded project, and worth knowing before you make it load-bearing.

The Handy Safety Decision Tree

Use the Handy Safety Decision Tree to fit Handy to your situation. As with VoiceInk β€” and unlike the cloud tools in this series β€” the questions tune your setup rather than gate the tool.

  1. Do you want verifiable on-device dictation for free? Handy qualifies as the reference answer: MIT source, a local-only audio pipeline with no cloud branch, zero telemetry code, and cross-platform reach (macOS, Windows, Linux).
  2. Will you enable LLM post-processing with a cloud key? If yes β€” your transcript text (never audio) goes to the provider you configured, under your API agreement. For sensitive work, leave it off or point it at Ollama or Apple Intelligence, both of which keep the cleanup local.
  3. Does a default update check bother you? Toggle it off in Settings β€” the code respects the toggle β€” and verify releases manually via the documented minisign signatures. High-assurance users should prefer the official GitHub releases over the community-maintained Homebrew and winget packages.
  4. Does your procurement need an entity, policy document, or attestation? Handy has none: no company, no privacy policy to file, no SOC 2 or BAA. The architecture minimizes what such paperwork would cover, but if the process requires paper, Handy cannot produce it. See our HIPAA guide and accommodation guide for how on-device tools fit formal processes.
  5. Do you need supported, polished, Mac-deep workflow? Handy is deliberately narrow β€” push-to-talk, paste, done β€” with community support and known platform rough edges. A commercial on-device peer (Voibe) adds the managed layer: support, custom vocabulary, developer integrations, hands-free operation. Same privacy architecture, different ownership model.

Cross-Product Privacy Posture Comparison

Handy sits at the strong end of the dictation privacy spectrum, alongside the other on-device tools in this series β€” and it is the only one that is simultaneously free, open-source, and cross-platform. The peer picture:

ProductData PathSource ModelPriceVerdict for Sensitive Work
HandyOn-device only β€” no cloud STT path existsOpen-source MITFree (donations)Strong (auditable end to end)
VoiceInkOn-device by default; BYOK opt-inOpen-source GPL v3$25–49 one-time (free self-build)Strong (auditable end to end)
VoibeOn-device on Apple SiliconClosed-source, commercial$149 lifetimeStrong (no cloud surface, accountable vendor)
WisprtypeOn-device by default; BYOK opt-inClosed-source, freeFreePersonal use only β€” telemetry shipped on despite policy; see investigation
SuperwhisperHybrid: on-device modes + cloud modesClosed-source$249.99 lifetimeGood on-device; watch the defaults β€” see investigation
VoicyCloud-only via Voicy servers β†’ GroqClosed-source$8.49/mo Β· $260 lifetimeEveryday use only β€” see investigation
Wispr FlowCloud-onlyClosed-source$144/yrAcceptable with BAA (SOC 2 II + HIPAA)

The instructive pairing is Handy vs VoiceInk β€” the two open-source locals. Handy is free, cross-platform, and deliberately minimal (no AI rewriting, no per-app modes); VoiceInk is Mac-only, $25–49, with more workflow features and a BYOK cloud lane Handy mostly lacks. Both resolve the trust question the same way: read the code. For the full 30-tool matrix, see the AI Privacy Tracker.

Donation-Funded, Solo-Maintained, Deliberately Forkable

Handy's sustainability story is unusual enough to assess on its own terms. The facts, verified July 2026:

  • The maintainer has receipts. CJ Pais is the community contributor whose whisperfile work was adopted and credited by Mozilla, and his LocalScore benchmark shipped with Mozilla Builders support. Handy is his “software artist” project: 58 releases in ~17 months, ~69% of commits his own, 116 total contributors, and community pull requests landing as recently as the week of our audit.
  • Traction is real, if young. 25,823 GitHub stars (up from roughly 20,000 in May 2026), two Hacker News front-page runs (237 and 247 points), Product Hunt 5.0/5 β€” from just 4 reviews, so treat the number as a small sample β€” and about 8,000 Homebrew installs in the past year.
  • The money is donations. GitHub Sponsors (21 current sponsors), Stripe, PayPal, and Ko-fi, plus named project sponsors on the homepage. There is no paid tier and no revenue model to protect β€” which cuts both ways: no incentive to harvest data, and no commercial backstop for support either.
  • “The most forkable one” is the stated strategy. The README says it directly: “Handy isn't trying to be the best speech-to-text appβ€”it's trying to be the most forkable one.” MIT licensing (with a reasonable trademark carve-out on the name and logo) plus 2,214 forks means the code outlives any single maintainer's attention β€” the strongest abandonment insurance in the category, alongside VoiceInk's GPL.

Our own hands-on Handy review scored it 7.5/10 β€” the highest we've given a free tool β€” precisely because what it does, it does honestly. The full cost picture (spoiler: $0, with real trade-offs) is in the Handy pricing guide.

The Five-Step Handy Safety Audit

Run this five-step audit to set Handy up for maximum privacy. Each step takes 2–10 minutes.

  1. Download from the official source and verify the signature. Use the GitHub releases page (the Homebrew cask and winget package are community-maintained, not the developer's). Releases are signed in minisign format with the public key in the repo; the README documents verification.
  2. Watch the network once. Run Little Snitch or any outbound firewall during a dictation session on a local model: expect zero traffic. Over a longer window you should see only the GitHub update check (if you left it on) and model hosts when you install a model.
  3. Decide the update-check toggle deliberately. Default is on; Settings turns it off and the code respects it. If you disable it, put a reminder on your calendar β€” running old builds of an accessibility-privileged app is its own risk.
  4. Keep post-processing local for sensitive work. The BYOK cleanup lane sends transcript text to your chosen provider. Point it at Ollama (localhost) or Apple Intelligence (on-device) to keep even the cleanup off the network β€” or leave the feature off entirely, its default.
  5. Apply the organizational disqualifier honestly. No entity, no privacy policy document, no BAA, no attestation: if your workflow needs vendor paperwork (HIPAA, legal-privileged, formal accommodation processes), Handy's architecture is right but its paperwork does not exist. Use the HIPAA pathway or an accountable on-device vendor, and re-check the roadmap's opt-in analytics item at each major release.

If those steps pass β€” and for personal use they will β€” Handy is exactly what its homepage says it is: speech-to-text that stays on your computer.

Voibe and Handy: Two On-Device Answers, Different Jobs

Voibe on-device Mac dictation app interface β€” the supported, Mac-deep commercial peer to Handy's free minimal cross-platform tool: custom vocabulary, Developer Mode for VS Code and Cursor, hands-free operation, and a vendor on the hook
Voibe (getvoibe.com) β€” the same on-device privacy answer, different job: the managed layer on top of the architecture Handy proves can be free.

On privacy, we won't manufacture a gap: Handy is a genuine on-device privacy peer of Voibe. Both keep audio on the machine, both ship without telemetry, and Handy adds something Voibe structurally can't β€” MIT-licensed source anyone can read. If your requirements are “free, open source, cross-platform,” Handy is the honest recommendation, full stop.

What Voibe offers is the managed, Mac-deep version of the same architecture:

  • A vendor on the hook. A named company, published terms, human support, and a written commitment in the privacy policy: “The Voibe application processes your voice entirely on your device. No audio is transmitted to our servers at any point” β€” the paperwork a donation-funded project can't produce.
  • Workflow depth where Handy is deliberately narrow. Custom vocabulary for names and jargon, Developer Mode with VS Code and Cursor file/folder resolution, Continuous Transcription and Hands-Free Mode for long sessions and accessibility needs, smart formatting that stays local and bounded. Handy's README itself lists AI rewriting, per-app formatting, and team features as non-goals.
  • One tuned experience instead of 65 choices. Handy's model catalog is power-user freedom; Voibe ships one hardware-matched local model and no picker. Different philosophies β€” pick the one that matches how much you want to tinker.

Pricing, honestly framed: Handy is $0 forever; Voibe is $7.50/month, $59/year, or $149 lifetime. If the managed layer isn't worth $149 to you, use Handy and donate to CJ Pais β€” that outcome is genuinely fine with us, and the category is better for Handy existing. The full head-to-head economics are in our Handy pricing guide and Handy vs Superwhisper comparison.

Try Voibe for Free β€” install, grant microphone and accessibility permissions, and dictate. No account, no credit card, no cloud β€” and support that answers.

Frequently Asked Questions

Is Handy safe to use in 2026?

Yes. Handy is safe by architecture: all transcription runs on-device across 65 local models (Whisper, Parakeet, Moonshine and more), no cloud transcription path exists anywhere in the MIT-licensed codebase, and a full source audit found zero telemetry or analytics code. The caveats are organizational rather than architectural: there is no privacy policy document, the update check defaults to on (toggleable), an opt-in analytics feature sits unshipped on the roadmap, and it is a donation-funded solo-maintained project with real platform bugs.

Is Handy really free and open source?

Yes. The full source is public at github.com/cjpais/Handy under the MIT license (25,800+ stars, 2,214 forks, 116 contributors as of July 2026), and the app costs nothing β€” there is no paid tier, no account, and no trial mechanics. Funding comes from GitHub Sponsors, donations, and named project sponsors. One nuance: the Handy name, logo, and brand assets are trademarked and not open-source, so forks must rebrand β€” the code itself is freely forkable, and the README calls being forkable the project's explicit goal.

Does Handy send your voice anywhere?

No. Our source audit of v0.9.0 swept every domain in the codebase: model downloads (blob.handy.computer and Hugging Face, user-initiated), a toggleable update check against GitHub releases, and optional BYOK post-processing endpoints. There is no cloud transcription endpoint at all β€” the audio pipeline (microphone β†’ Silero VAD β†’ local model β†’ paste) never touches the network. When a Hacker News user asked the developer whether audio reaches his servers, his answer was β€œIt's all local,” and the code confirms it.

Does Handy have telemetry or analytics?

Not as of v0.9.0 (July 1, 2026). The dependency manifests contain no analytics SDK, and a source-wide search for PostHog, Sentry, Mixpanel, Amplitude, Segment, Crashlytics and similar returns zero hits. One thing to watch: the README roadmap lists β€œOpt-in Analytics” with a β€œprivacy-first approach with clear opt-in” as planned but unshipped. Because Handy is open source, whatever ships will be inspectable β€” re-check the release notes on major versions.

Does Handy store your dictation?

Minimally, and locally. Transcripts are kept in a local SQLite history database with a default limit of five recent entries, recording retention is conservative by default, and the always-on microphone option ships disabled. Nothing syncs anywhere β€” there is no account and no server. If you dictate sensitive material, clear history as needed and keep full-disk encryption (FileVault or the platform equivalent) enabled, since anyone with your user session could read local files.

What are Handy's known bugs and limitations?

The issue tracker is honest about the rough edges: a macOS system-wide freeze if the Accessibility permission is revoked while Handy is running, first-run permission-detection problems, Linux Wayland fragmentation (hotkeys and text insertion need helper tools, and GNOME can clip the first character), crashes on older CPUs lacking AVX2, and an intermittent freeze on very long dictations. None of these is a privacy issue β€” they are maturity issues in a fast-moving, donation-funded project, and most users on mainstream hardware won't hit them.

Who maintains Handy, and what happens if development stops?

Handy is maintained by CJ Pais, a solo developer with real open-source credibility β€” his whisperfile work was adopted and credited by Mozilla. He authors roughly 69% of commits, with 116 total contributors and 58 releases in about 17 months. There is no company behind it and no SLA. The abandonment insurance is structural: MIT licensing plus 2,214 public forks means the code outlives any one maintainer β€” the README explicitly aims to be β€œthe most forkable” speech-to-text app rather than the biggest one.

Is Handy safe for HIPAA or other regulated work?

Architecturally, yes β€” audio never leaves the device, which removes the transmission risk regulated workflows worry about. Procedurally, no paperwork exists: no legal entity, no privacy policy document, no Business Associate Agreement, no SOC 2 or ISO 27001, and no formal security-disclosure process. Some compliance owners approve on-device tools on architectural grounds; others require an accountable vendor with signed agreements. Clear it with whoever owns that decision, and see our HIPAA dictation guide for the framework.

How does Handy compare to Voibe on privacy?

They are genuine peers β€” both process voice entirely on-device and ship without telemetry, and Handy adds MIT-licensed source code anyone can audit, which closed-source Voibe cannot offer. The differences are the ownership model: Voibe provides a named company, published terms and privacy policy, human support, custom vocabulary, Developer Mode for VS Code and Cursor, and hands-free operation β€” the managed layer β€” at $149 lifetime, while Handy is free, cross-platform, deliberately minimal, and community-supported. Pick by how much support and workflow depth you need; on privacy, both are right answers. Disclosure: Voibe is our product.

Ready to type 3x faster?

Voibe is the fastest, most private dictation app for Mac. Try it today.

  • 100% offline
  • Free to try
  • No subscription
  • Native Apple Silicon
  • 90+ languages

Prefer to go Pro? Save 20% on any plan with code VOIBE20 View pricing β†’