Limited time: Save up to 33% on every planView pricing
Voibe Logovoibe Resources
spokenlyis spokenly safespokenly privacyspokenly securitybyok dictation privacymac dictation privacyon-device dictationprivacy

Is Spokenly Safe? Local, BYOK & Pro Cloud Privacy Verdict (2026)

Is Spokenly safe? Three architectures — Local Only Mode, BYOK cloud, Pro managed cloud through 5 subprocessors — produce three different privacy postures. Full safety review with sources.

· Updated

Is Spokenly Safe? The Direct Answer

TL;DR: Spokenly's safety depends entirely on which of its three architectural modes you use. Local Only Mode is genuinely safe — audio runs through OpenAI Whisper Large-v3 and NVIDIA Parakeet locally on Apple Silicon with no network calls during transcription. BYOK cloud mode is only as safe as whichever provider you bring keys for (OpenAI, Deepgram, Groq, Anthropic, or Google). Pro managed cloud routes audio through five named subprocessors per the privacy policy effective March 2, 2026: Cerebras, Fireworks, Groq, Mistral AI, and ElevenLabs.

Three structural caveats apply across all modes:

  • No compliance attestations. The privacy policy does not reference SOC 2 Type II, HIPAA BAA, ISO 27001, GDPR, or CCPA. No external audit, no Business Associate Agreement, no certification framework. This disqualifies Spokenly for regulated industries.
  • No company entity or jurisdiction. The privacy policy lists only admin@spokenly.app as the contact. Developer Vadim Akhmerov is identified via the App Store listing, not via the privacy policy. Named developer with no disclosed corporate entity.
  • iOS keyboard caveat. The developer's published App Store replies recommend switching to online models for iOS keyboard reliability — which defeats the on-device privacy benefit for iOS users who chose Spokenly precisely for local processing.

For users who want a single audit-able privacy guarantee without choosing a mode, alternatives like Voibe simplify the question with two clean modes — a fully on-device mode (Whisper on the Apple Silicon Neural Engine, nothing leaves the Mac) or a private zero-retention cloud that runs only open-source models and is never trained on — with no BYOK and no subprocessor chain to audit in either. Voibe's privacy policy and cloud AI privacy page commit that your audio and text are never stored, never sold, and never used to train any AI model — with a fully on-device mode available when nothing should leave the Mac. Voibe costs $149 lifetime versus $359.64 over 3 years of Spokenly Pro — $210.64 cheaper with a zero-retention posture and no per-token API exposure.

This article walks through each Spokenly mode in detail, the privacy policy's load-bearing claims (and silences), the iOS keyboard documentation gap, a five-question Spokenly Safety Decision Tree, and the alternatives whose two-mode design simplifies the privacy question.

Disclosure: Voibe is our product. We verified Spokenly's privacy policy effective March 2, 2026, the App Store listing (ID 6740315592, v1.7.4 April 7 2026), and the Spokenly homepage feature claims (Local Only Mode, MCP server) on May 26, 2026. Quotes from the privacy policy are verbatim; we cite specific paragraphs where applicable.

Key Takeaway

Spokenly has three architectural modes — Local Only / BYOK cloud / Pro managed cloud — with three materially different privacy postures. No SOC 2 / HIPAA / ISO 27001 attestations across any mode. For a single audit-able posture, on-device alternatives like Voibe eliminate the mode question.

Key Takeaways: The Spokenly Safety Picture

AreaCurrent State (May 2026)Source
Local Only ModeAudio processed on-device via Whisper Large-v3 or Parakeet on Apple Silicon. No network calls during transcription.spokenly.app product page
BYOK cloud modeAudio routed to user-configured API provider: OpenAI, Deepgram, Groq, Anthropic, or Google. Provider's privacy posture applies.spokenly.app pricing + privacy policy
Pro managed cloudAudio routed through 5 named subprocessors: Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs.spokenly.app/privacy (effective 2026-03-02)
Audio storage“Not stored” on Spokenly's servers per privacy policy. Subprocessor / BYOK provider retention may differ.spokenly.app/privacy (verbatim)
Analytics collectionButton clicks and page views, no PII per policy.spokenly.app/privacy
SOC 2 Type IINot attested. Not mentioned in privacy policy.spokenly.app/privacy
HIPAA BAANot offered. No BAA path documented.spokenly.app/privacy
ISO 27001Not certified. Not mentioned.spokenly.app/privacy
GDPR / CCPANot explicitly addressed in policy text.spokenly.app/privacy
Company entityNot disclosed in privacy policy. Developer Vadim Akhmerov named via App Store listing.App Store ID 6740315592
Contactadmin@spokenly.app only.spokenly.app/privacy
iOS keyboard reliabilityApp Store reviews flag issues. Developer recommends online models — defeats on-device benefit.App Store reviews + developer replies
Policy revision dateMarch 2, 2026 — recent.spokenly.app/privacy header
Public breach incidentsNone reported.Public sources, May 2026
Privacy alternativeOn-device dictation (Voibe, VoiceInk, MacWhisper, Spokenly Local Only) eliminates cloud surface entirely.Architectural comparison

The rest of this article walks through each row, gives you the three architectural modes side-by-side, and provides a five-step Spokenly Safety Audit to make your own call.

Three Architectural Modes, Three Different Privacy Postures

Unlike most dictation apps that ship one architecture, Spokenly ships three. The mode you select determines where your audio goes, who sees it, and what retention applies. This is the load-bearing structural insight about Spokenly's privacy — most “is X safe?” investigations cover a single architecture; Spokenly's three-mode design forces a more nuanced verdict.

Mode 1: Local Only Mode (Free, On-Device)

  • What happens: Audio captured to memory → transcribed by OpenAI Whisper Large-v3 or NVIDIA Parakeet on Apple Silicon's Neural Engine → text written to active field → audio discarded.
  • Where audio goes: Nowhere. No network calls during transcription.
  • Subprocessors: None.
  • Retention: None — audio is in memory only.
  • Privacy posture equivalent to: Voibe, VoiceInk, MacWhisper, Apple Dictation (mostly on-device on Apple Silicon).

This is the strongest privacy posture Spokenly offers. For Mac users with Apple Silicon (M1-M4) who can live with Whisper Large-v3 or Parakeet's accuracy without LLM cleanup, this mode is genuinely on-device and architecturally safe.

Mode 2: BYOK Cloud Mode (Free of Spokenly Fee)

  • What happens: Audio captured to memory → sent to user-configured API provider (OpenAI, Deepgram, Groq, Anthropic, or Google) → transcript returned → audio discarded by Spokenly.
  • Where audio goes: To whichever provider's API key you configured. Each provider has its own data-handling defaults, retention, and security posture.
  • Subprocessors: The single provider you selected. Spokenly is a passthrough.
  • Retention: Spokenly does not retain. Provider may retain per its own API terms — read each provider's data-handling policy.
  • Privacy posture equivalent to: Whichever provider you chose, as if you were calling their API directly.

The BYOK mode is privacy-neutral from Spokenly's perspective and entirely provider-dependent from yours. OpenAI's API, for example, has different retention defaults for free-tier users vs paid-tier vs zero-retention agreements. Deepgram, Groq, Anthropic, and Google each have their own policies. For sensitive content, the right move is to verify the chosen provider's policy first, then route audio through Spokenly as a thin client.

Mode 3: Pro Managed Cloud ($9.99 / month)

  • What happens: Audio captured to memory → sent to Spokenly's managed pipeline → routed through subprocessors → transcript returned → audio discarded per Spokenly's stated policy.
  • Where audio goes: Spokenly's five named subprocessors per the privacy policy effective March 2, 2026: Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs.
  • Subprocessors: Five distinct entities, each with its own privacy policy and security posture.
  • Retention: Spokenly states audio is not stored. Subprocessor-level retention is not detailed in the public policy.
  • Privacy posture equivalent to: A managed-pipeline cloud product with a multi-vendor data chain.

This is the most convenient mode (no BYOK setup, one $9.99 / month subscription) and the most complex privacy posture (five subprocessors, undocumented contractual flow-down).

What the Spokenly Privacy Policy Actually Says

Spokenly Mac and iOS dictation app interface — the product covered by the privacy policy effective March 2, 2026 with audio-not-stored claim and 5 named subprocessors for Pro managed cloud (Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs)
Spokenly (spokenly.app) — the product whose privacy posture is investigated here. Privacy policy effective March 2, 2026; developer Vadim Akhmerov disclosed via App Store.

The Spokenly privacy policy effective March 2, 2026 is reasonably substantive — more detailed than Wisprtype's sparse Notion-hosted policy, less detailed than Wispr Flow's published subprocessor list with named regions. Here's what it documents and what it leaves silent.

What the Policy Documents

  • Audio recordings are not stored on Spokenly's servers. This is the load-bearing claim that defines Spokenly's data-retention posture. It applies across modes — Local Only, BYOK, and Pro managed cloud.
  • Five subprocessors named for Pro managed cloud: Cerebras, Fireworks, Groq, Mistral AI, and ElevenLabs. Each is a separate data-handling entity.
  • Analytics collected: button clicks and page views. No personally identifiable information per the policy.
  • Contact: admin@spokenly.app.
  • Revision date: March 2, 2026 — recent enough to cover the current product surface.

What the Policy Does Not Document

  • No SOC 2 / HIPAA BAA / ISO 27001 / GDPR / CCPA. No external audit framework is referenced. No Business Associate Agreement path. No regional data-residency commitments.
  • No company entity or jurisdiction. The policy does not name a legal entity, a country of registration, or a corporate parent. Developer Vadim Akhmerov is identified only via the App Store listing.
  • No subprocessor-level retention details. The five subprocessors are listed by name but the policy does not detail which workload runs at which subprocessor, what retention applies at each layer, or what contractual flow-down requires.
  • No BYOK provider data-handling specifics. The policy treats BYOK as out-of-scope for Spokenly's retention — your audio is governed by the chosen provider's terms, which the policy correctly notes but does not elaborate.
  • No iOS keyboard data-handling clarification. The keyboard reliability fix (switch to online models) shifts iOS privacy posture from local-only to cloud-by-default, but the privacy policy does not address this product reality.
  • No retention windows in days or months. “Not stored” is the framing, but processing windows, log retention, and analytics retention are not specified.

What the Documentation Gaps Mean in Practice

The combination of a substantive privacy policy without an external audit, no named entity in the policy text, and the iOS keyboard reliability caveat produces a documentation posture that is:

  • Adequate for general consumer dictation — drafts, emails, notes, AI prompts.
  • Insufficient for regulated or compliance-audited work — HIPAA, attorney-client privilege, NDA-bound source code, SOC 2-required procurement.
  • Better than the most anonymous indie peers (Wisprtype, parts of the Whisper-wrapper ecosystem) but less than VC-backed peers (Wispr Flow's published subprocessor list, Willow Voice's YC company page disclosure).

Warning

The privacy policy's load-bearing claim is that audio recordings are not stored on Spokenly's servers. The five subprocessors in Pro managed cloud each have their own retention and security postures — the policy does not document the contractual flow-down that would extend Spokenly's no-storage commitment through the subprocessor chain. For sensitive content, request the contract terms in writing or use Local Only Mode.

The Three Structural Caveats (Across All Modes)

Three structural caveats apply to Spokenly regardless of which mode you choose. These are not mode-specific privacy issues — they're cross-cutting concerns about the product and its documentation.

Caveat 1: No SOC 2 / HIPAA / ISO 27001 / GDPR / CCPA Attestations

The Spokenly privacy policy does not reference any external compliance framework, audit, or certification. No SOC 2 Type II attestation, no HIPAA Business Associate Agreement, no ISO 27001 certification, no GDPR or CCPA processor agreement. This is consistent with most consumer Mac dictation tools — Voibe, VoiceInk, Superwhisper, and MacWhisper similarly do not carry these attestations — but it disqualifies Spokenly for any regulated workflow where compliance documentation is required.

For regulated alternatives:

  • HIPAA-covered dictation: Dragon Medical One ($79-99/user/month with BAA), Sonix Enterprise (HIPAA on Enterprise), or a dedicated medical-scribe product like Suki AI or Heidi Health. See our best dictation software for doctors guide.
  • Attorney-client privileged work: Local-only dictation eliminates the cloud disclosure surface. See our best dictation software for lawyers guide.
  • SOC 2-required procurement: Wispr Flow Enterprise has SOC 2 Type II, ISO 27001:2022, and HIPAA BAA available across plans. See our is Wispr Flow safe? investigation.

Caveat 2: No Disclosed Corporate Entity

The Spokenly privacy policy lists only admin@spokenly.app as the contact. There is no:

  • Company name (e.g., “Spokenly, Inc.” or “Akhmerov Software LLC”)
  • Country of registration (US, EU, UK, etc.)
  • Registered address or office location
  • Team page or about page disclosing personnel

Developer Vadim Akhmerov is identified as the developer on the App Store listing. Apple's App Store developer disclosure requirements provide this name, but the privacy policy does not separately confirm jurisdiction or corporate structure.

For procurement-driven privacy reviews — particularly Enterprise IT and legal teams that require a named legal counterparty — this is a documentation gap. The right mitigation: contact admin@spokenly.app and request entity and jurisdiction disclosure in writing before Enterprise deployment. Or use a product with a published entity (Wispr Flow's Wispr, Inc., or Willow Voice's YC company page).

Caveat 3: The iOS Keyboard Reliability Trade-off

App Store reviews on Spokenly's iOS app document keyboard reliability issues — unexpected app switches, recording-start failures, device-performance limitations with local models. The developer's published replies in the App Store recommend switching to online models for keyboard reliability.

The structural implication: if iOS keyboard users follow the recommended fix, the iOS keyboard posture shifts from local-only to cloud-by-default. The on-device privacy claim that draws users to Spokenly in the first place no longer applies to the iOS keyboard surface under the recommended configuration.

The pragmatic Mac-only buyer can largely ignore this caveat — the Mac app does not suffer the same issues. The pragmatic iOS-keyboard-priority buyer should weigh Willow Voice's iOS voice keyboard or Wispr Flow's iOS keyboard as alternatives that ship cloud-first by design and don't trade away an architectural claim to get reliability.

The Spokenly Safety Decision Tree

Use the Spokenly Safety Decision Tree to decide which mode is safe enough for your specific situation. The five questions, in order, take you from the lowest-risk use case to the highest. Stop at the first question where you cannot accept the answer Spokenly currently provides.

  1. Are you dictating only general content (drafts, emails, notes, AI prompts, casual messages) on your Mac? If yes — Spokenly Local Only Mode is reasonable. Whisper Large-v3 or Parakeet on Apple Silicon, no cloud route, no subprocessor chain. Continue to question 2 only if you need cloud accuracy.
  2. Do you need cloud accuracy and are comfortable managing API keys at multiple providers? If yes — Spokenly BYOK cloud mode works, but the privacy posture is the provider's posture. Read OpenAI / Deepgram / Groq / Anthropic / Google's API data-handling policies before routing sensitive content. Continue to question 3 if you don't want BYOK setup.
  3. Want managed cloud without BYOK and willing to accept a 5-subprocessor data chain at $9.99/month? If yes — Spokenly Pro is the convenience path. Cerebras, Fireworks, Groq, Mistral AI, and ElevenLabs each carry their own data postures; the contractual flow-down is not documented in the public privacy policy. Continue to question 4.
  4. Is the content covered by HIPAA, attorney-client privilege, NDA, or compliance regulation? If no — Spokenly across any mode is a reasonable consumer product. If yes — Spokenly is disqualified across all three modes (no SOC 2, no HIPAA BAA, no ISO 27001). Skip to question 5 to evaluate the architectural alternative, or use Dragon Medical One / Sonix Enterprise / a dedicated medical-scribe product.
  5. Want a simple two-mode design with one durable privacy promise? If yes — dictation tools like Voibe simplify the choice: a fully on-device mode (Whisper on the Apple Silicon Neural Engine, nothing leaves the Mac) or a private zero-retention cloud that runs only open-source models and is never trained on. There is no BYOK to manage and no subprocessor chain to audit in either mode; the durable promise is the same — your audio and text are never stored, never sold, and never used to train any AI model. Voibe at $149 lifetime versus 3 years of Spokenly Pro at $359.64 saves $210.64 (59%) with one durable privacy posture.

The pattern: the further you progress through the tree, the more on-device architecture wins. For the first three questions, Spokenly offers viable answers — different ones depending on which mode you select. By question 4, the absence of compliance attestations becomes a structural blocker for regulated work across all modes. By question 5, the architectural answer beats the policy answer.

Cross-Product Privacy Posture Comparison

Spokenly's three modes sit at very different points on the privacy spectrum. Here's how each one compares against the major peer postures we've investigated in this series.

Product / ModeData PathSubprocessorsComplianceVerdict for Sensitive Work
VoibeOn-device on Apple SiliconNoneArchitectural — no audit neededStrong (no cloud surface)
Spokenly Local OnlyOn-device on Apple SiliconNoneArchitectural — no attestation neededStrong (peer to Voibe)
VoiceInkOn-device on Apple SiliconNoneOpen-source GPL v3Strong (auditable code)
Apple DictationMostly on-device (Apple Silicon)Apple (occasional server fallback)No compliance attestationAcceptable for general work
Spokenly BYOKCloud via user-chosen providerSingle provider (OpenAI / Deepgram / Groq / Anthropic / Google)Provider's postureDepends on provider
Spokenly ProCloud via Spokenly's pipeline5 (Cerebras + Fireworks + Groq + Mistral AI + ElevenLabs)None — no SOC 2 / HIPAA / ISONot for regulated content
Wispr FlowCloud onlyDisclosed publicly (Baseten + OpenAI + Anthropic + Cerebras + AWS)SOC 2 II + ISO 27001:2022 + HIPAA BAA availableAcceptable with BAA / Privacy Mode
Willow VoiceCloud-first (Offline Mode optional)Not publicly disclosedPrivate Mode default-opt-out; HIPAA marketed but not in policyStrong default but documentation gaps
Superwhisper on-deviceOn-device on Apple SiliconNoneNo external attestationStrong; local audio recording default ON is a separate issue
Aqua VoiceCloud only (Avalon model)SOC 2 II named partnersSOC 2 Type II; training silence in policyAcceptable for general work; policy gaps

Spokenly Local Only Mode is structurally comparable to Voibe's on-device architecture. Spokenly Pro managed cloud has more subprocessors than most peers and no compliance attestation — placing it weaker than Wispr Flow Pro (audited stack) and Willow Voice (default opt-out + AI Mode anonymization commitment) on the cloud-comparison axis.

Architecture vs Audit: What Cloud Dictation Cannot Promise

Spokenly's three-mode design illustrates a deeper category lesson: there is a difference between architectural privacy and audited privacy. Local Only Mode is architectural — audio processing happens on the user's Apple Silicon chip and never crosses the network boundary. Pro managed cloud is audited-by-policy — Spokenly states audio is not stored, but the user trusts this through the privacy policy rather than through a third-party audit.

Five things architectural privacy delivers that audited privacy cannot:

  • Survives a policy change. A privacy policy can be updated with notice. Audio that never crosses your network boundary cannot be re-classified by a future policy revision. Spokenly's privacy policy is two months old at publication; the next revision could materially alter the framework.
  • Survives a subprocessor incident. Five subprocessors (Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs) each represent a separate breach surface. On-device processing has zero subprocessors for dictation data.
  • Survives an acquisition. Indie solo-developer products like Spokenly can change hands. New ownership may bring new data postures. On-device data has nothing to transfer.
  • Survives a documentation gap. The current Spokenly privacy policy does not document HIPAA BAA, subprocessor flow-down, retention windows, or company entity. Decisions made under documentation uncertainty depend on the gap remaining benign. On-device dictation has nothing to document.
  • Survives legal compulsion. A subpoena or national security letter can compel a vendor to preserve data normally discarded. On-device processing removes the vector — there is no preserved data, and the vendor cannot produce what it never had.

None of this means cloud dictation is unusable — Spokenly Pro and the BYOK path are reasonable for general content. It means cloud dictation is contract-driven privacy, and the contract is only as strong as the documentation, the auditor, and the policy's continuity. For confidential, privileged, regulated, or compliance-audited work, architecture is the stronger guarantee. For a deeper treatment of this distinction, see our cloud vs local dictation guide and the AI Privacy Tracker.

The Five-Step Spokenly Safety Audit

Run this five-step audit before committing Spokenly for any work where data handling matters. Each step takes 2-10 minutes.

  1. Confirm your mode and read the corresponding privacy section. Open Spokenly settings, identify whether you're using Local Only Mode / BYOK cloud / Pro managed cloud. Each mode has a different privacy posture — Local Only is on-device, BYOK is provider-dependent, Pro is five-subprocessor managed cloud. Don't make safety decisions until you know which mode you're operating in.
  2. If using BYOK cloud, read each provider's API data policy. Your audio is governed by OpenAI / Deepgram / Groq / Anthropic / Google's API terms — not by Spokenly's privacy policy. Open the chosen provider's API data-handling page. Verify retention defaults, zero-retention options, and any compliance attestations relevant to your work.
  3. If using Pro managed cloud, verify each subprocessor matches your risk tolerance. Cerebras, Fireworks, Groq, Mistral AI, and ElevenLabs each have separate privacy policies. Review whichever subprocessor handles the workload you care about. If you're not sure which subprocessor handles which workload, contact admin@spokenly.app and ask in writing.
  4. Check your work against the regulated-content disqualifier. If your dictation includes HIPAA-covered content, attorney-client privileged work, NDA-bound source code, or compliance-audited material, Spokenly is disqualified across all three modes (no SOC 2, no HIPAA BAA, no ISO 27001). Use Dragon Medical One, Sonix Enterprise, or a dedicated compliance-attested product instead — or use Spokenly Local Only Mode in a separately-attested environment (your Mac under documented MDM with FileVault, etc.).
  5. Run an outbound-traffic monitor during a Local Only Mode session. Install Little Snitch or another macOS network monitor. Start a Local Only Mode dictation session. Outbound traffic from Spokenly during transcription should be zero. If you see network calls, you're not in Local Only Mode or there's a configuration issue worth investigating.

If any of the steps fail or feel uncomfortable, on-device dictation tools like Voibe eliminate the mode question — there is no BYOK to manage, no subprocessor chain to audit, no Pro tier to subscribe to. The architectural answer beats the policy answer for sensitive work.

Voibe: One Unified Privacy Posture, No Modes to Choose

Voibe on-device Mac dictation app interface showing Whisper running locally on Apple Silicon's Neural Engine with no cloud route, no BYOK option, and no Privacy Mode toggle to remember
Voibe (getvoibe.com) — single architectural mode (on-device), no subprocessor chain, no BYOK setup, no Privacy Mode toggle. The architectural answer to the multi-mode question.

Voibe is a Mac-native dictation app built around a durable promise: your audio and text are never stored, never sold, and never used to train any AI model. Voibe gives you two user-selectable modes. In on-device mode, Voibe runs OpenAI Whisper on Apple Silicon's Neural Engine — audio is captured into memory, transcribed locally, written into the active text field, and discarded, so nothing leaves the Mac (this mode requires an Apple Silicon Mac, M1 or later). In private cloud mode, audio goes over an encrypted connection to Voibe's own infrastructure, runs only open-weight models, and is deleted the moment transcription completes — no proprietary models from the major labs. There is no BYOK option and no subprocessor chain to audit in either mode.

Mapped against the Spokenly privacy questions raised above:

  • Architecture. Voibe runs on-device on Apple Silicon's Neural Engine, or through a private zero-retention cloud that uses only open-weight models — your choice. In on-device mode there are no cloud servers and no third-party LLM providers in the dictation path.
  • Modes. Two clean modes — fully on-device, or private open-source cloud. No BYOK setup to manage, no Pro tier to subscribe to, and no subprocessor chain to audit in either.
  • Subprocessor list. In on-device mode nothing is transmitted, so there is nothing to list; in private cloud mode audio is deleted the moment transcription completes and is never used to train any AI model.
  • Regulated content. For PHI and other regulated dictation, Voibe's on-device mode keeps audio on the clinical device so nothing leaves the Mac; the durable promise across both modes is that your audio and text are never stored, never sold, or used to train any AI model. See our HIPAA dictation guide for the clinical pathway.
  • Entity. Voibe is developed by a disclosed team with a published privacy policy at getvoibe.com/privacy.
  • Permissions. Voibe requests microphone access and macOS accessibility permission — the minimum surface required to capture audio and paste text into the active field. No screen recording, no camera, no full-disk access.
  • Network monitor. Run Little Snitch during a Voibe on-device dictation session. Outbound traffic from Voibe during transcription is zero.
  • Account. Voibe does not require an account to dictate.

Pricing: $7.50/month, $59/year, or $149 lifetime for unlimited dictation. Voibe runs on all Macs; on-device mode requires an Apple Silicon Mac (M1 or later). Voibe also includes Developer Mode for VS Code and Cursor with file/folder name resolution — useful for technical workflows where Spokenly's MCP server is the configurable alternative. Over 3 years, Voibe lifetime at $149 is $210.64 (59%) cheaper than Spokenly Pro at $359.64.

Try Voibe for Free — install, grant microphone and accessibility permissions, dictate. No account, no credit card, no BYOK setup, no subprocessor chain to audit, no Pro tier to subscribe to.

Frequently Asked Questions

Is Spokenly safe to use in 2026?

Spokenly's safety depends on which of its three architectural modes you use. Local Only Mode is genuinely safe — audio runs through Whisper Large-v3 and NVIDIA Parakeet on Apple Silicon with no network calls during transcription. BYOK cloud mode is as safe as whichever provider you bring keys for (OpenAI, Deepgram, Groq, Anthropic, Google) — the data-handling posture becomes that provider's posture, not Spokenly's. Pro managed cloud routes audio through five named subprocessors per the privacy policy effective March 2, 2026 (Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs) and inherits all five companies' data postures. The structural caveats are three: no SOC 2 / HIPAA BAA / ISO 27001 / GDPR / CCPA attestations anywhere, no company entity or jurisdiction disclosed in the privacy policy (developer Vadim Akhmerov is named only via the App Store listing), and the iOS keyboard reliability issue where the developer recommends switching to online models — which defeats the on-device privacy benefit. For users who want a simple two-mode design with one durable privacy promise, alternatives like Voibe offer a fully on-device mode (nothing leaves the Mac) or a private zero-retention cloud that runs only open-source models and is never trained on — with no BYOK and no subprocessor chain to audit in either.

Does Spokenly send my voice to the cloud?

It depends on the mode. In Local Only Mode, no — audio is processed entirely on your Mac by Whisper Large-v3 or Parakeet on Apple Silicon, with no network calls during transcription. In BYOK cloud mode, yes — audio routes to whichever provider's API you configured (OpenAI, Deepgram, Groq, Anthropic, or Google). In Pro managed cloud mode, yes — audio routes through Spokenly's five named subprocessors per the privacy policy effective March 2, 2026: Cerebras, Fireworks, Groq, Mistral AI, and ElevenLabs. The privacy policy explicitly states audio recordings are not stored on Spokenly's servers, but the cloud providers may have their own retention defaults — for sensitive content, verify each provider's API data policy before routing. For users who never want audio leaving their Mac under any condition, on-device alternatives like Voibe, VoiceInk, MacWhisper, or Spokenly Local Only Mode itself eliminate the cloud route entirely.

Is Spokenly HIPAA compliant?

No. The Spokenly privacy policy effective March 2, 2026 does not reference HIPAA, SOC 2 Type II, ISO 27001, GDPR, CCPA, or any external compliance framework or attestation. There is no Business Associate Agreement (BAA) offered, no compliance attestation listed, and no auditor named. This is consistent with most consumer Mac dictation tools — Voibe, VoiceInk, Superwhisper, and MacWhisper similarly do not carry these attestations — but it disqualifies Spokenly for HIPAA-covered clinical workflows, attorney-client privileged work, and other regulated content. Healthcare providers should use Dragon Medical One ($79-99/user/month with BAA), Sonix Enterprise, or a dedicated medical-scribe product. See our HIPAA dictation guide for the full clinical pathway.

Who runs Spokenly? What entity is behind it?

Spokenly's privacy policy effective March 2, 2026 lists only admin@spokenly.app as the contact and does not name a company entity, jurisdiction, or team. The developer Vadim Akhmerov is disclosed via the Spokenly App Store listing (Audio to Text AI app, ID 6740315592, 4.4 / 5 from 43 ratings, v1.7.4 April 7 2026), not via the privacy policy itself. This is more entity transparency than the most anonymous indie dictation products (Wisprtype, parts of the Whisper-wrapper ecosystem) but less than VC-backed peers like Wispr Flow (Wispr, Inc., disclosed entity) or Willow Voice (YC X25 company page). For procurement-driven privacy reviews, the entity disclosure gap is a documentation issue worth flagging — particularly for buyers who require a named legal entity for vendor due diligence.

Are Spokenly's subprocessors safe? Who are they?

Spokenly Pro managed cloud routes audio through five named subprocessors per the privacy policy effective March 2, 2026: Cerebras (Cerebras Systems, AI inference), Fireworks (Fireworks AI, model hosting), Groq (Groq Inc., LPU inference), Mistral AI (Paris-based LLM provider), and ElevenLabs (voice AI infrastructure). Each is a separate data-handling perimeter with its own privacy policy, security posture, and retention defaults. Spokenly's policy lists these subprocessors but does not detail the contractual flow-down — whether each subprocessor handles a specific workload (transcription vs LLM cleanup vs voice synthesis), what retention applies at each layer, or whether they operate under data-processing agreements that match Spokenly's stated retention. For BYOK cloud mode, the subprocessor is whichever single provider you configured (OpenAI, Deepgram, Groq, Anthropic, or Google) — a simpler chain with a single contractual relationship. For Local Only Mode, there are no subprocessors at all because no audio leaves your Mac.

What does Spokenly's privacy policy actually say about data retention?

The Spokenly privacy policy effective March 2, 2026 makes a load-bearing claim that audio recordings are not stored on Spokenly's servers. The policy notes that Spokenly collects basic analytics — button clicks and page views — without personally identifiable information. The privacy policy lists five subprocessors (Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs) for Pro managed cloud but does not detail how long each subprocessor retains audio or transcripts, what the contractual flow-down requires, or whether the no-storage commitment extends through the subprocessor chain. For BYOK cloud mode, retention defaults belong to whichever provider you configured — read OpenAI / Deepgram / Groq / Anthropic / Google's data-handling policies separately. The policy revision date of March 2, 2026 is recent enough to cover the current product surface, but does not address future feature additions.

Is Spokenly's free tier private? Or does BYOK leak data?

Spokenly's free tier has two paths with different privacy implications. Local Only Mode (the free on-device path) is genuinely private — Whisper Large-v3 and Parakeet run on Apple Silicon with no network calls during transcription, comparable to Voibe's on-device architecture. BYOK cloud (the free cloud path) routes audio to whichever provider's API key you configured — your privacy posture becomes the provider's posture for that session. If you want free privacy, use Local Only Mode and avoid BYOK cloud. If you use BYOK cloud, treat each provider's data policy as the actual privacy guarantee. The 'free' label applies to Spokenly's fee structure, not to a unified privacy posture — the architectural choice matters more than the price tier.

How does Spokenly compare to Voibe on privacy?

Voibe gives you two clean choices — a fully on-device mode (Whisper on the Apple Silicon Neural Engine, nothing leaves the Mac) or a private zero-retention cloud that runs only open-source models and is never trained on — and there is no BYOK key management or subprocessor chain to audit in either. Voibe's durable promise is the same in both modes: your audio and text are never stored, never sold, and never used to train any AI model. Spokenly is multi-architecture by design — three modes (Local Only, BYOK cloud, Pro managed cloud) with three different privacy postures, and the user chooses which one applies. For users who want a simple, auditable guarantee without configuring API keys or a Pro subprocessor chain, Voibe's two-mode design simplifies the audit. For users who want to bring their own provider keys, Spokenly's BYOK design is more configurable. Voibe pricing is $7.50/mo or $59/yr or $149 lifetime; Spokenly is Free + Pro $9.99/mo. Over 3 years, Voibe lifetime is $210.64 (59%) cheaper than Spokenly Pro with a zero-retention posture and no per-token API exposure.

What checks should I run before deciding Spokenly is safe for me?

Run the five-step Spokenly Safety Audit before committing for sensitive work. (1) Confirm which mode you'll use — Local Only / BYOK cloud / Pro managed cloud — and read the corresponding privacy section above. Different modes mean different privacy postures. (2) If using BYOK cloud, read each provider's API data-handling policy (OpenAI, Deepgram, Groq, Anthropic, Google) — your privacy guarantees come from the provider, not from Spokenly. (3) If using Pro managed cloud, accept the five-subprocessor chain (Cerebras, Fireworks, Groq, Mistral AI, ElevenLabs) and verify each subprocessor's posture matches your risk tolerance. (4) If your work is regulated (HIPAA, attorney-client privilege, NDA, compliance-audited), Spokenly is disqualified — no SOC 2, no HIPAA BAA, no ISO 27001 attestation exists. Use Dragon Medical One, Sonix Enterprise, or a dedicated medical-scribe product instead. (5) Run Little Snitch or another outbound-traffic monitor during a Spokenly Local Only Mode session — outbound traffic should be zero during transcription. If any of those checks fail or feel uncomfortable, on-device dictation tools like Voibe eliminate the mode question entirely — there is no BYOK to manage, no subprocessor chain to audit, no mode toggle to remember.

Ready to type 3x faster?

Voibe is the fastest, most private dictation app for Mac. Try it today.

  • 100% offline
  • Free to try
  • No subscription
  • Native Apple Silicon
  • 90+ languages

Prefer to go Pro? Save 20% on any plan with code VOIBE20 View pricing →