Is Superwhisper Safe? Privacy Modes, Local Recordings & Verdict (2026)

TL;DR: Superwhisper is among the safer Mac dictation apps for users who stay on its on-device modes. Per the Superwhisper privacy policy, “Your data is not retained on Superwhisper servers” and is “not used for training AI models or any other machine learning purposes.” The on-device modes (Tiny, Base, Small, Standard Whisper, Parakeet) process audio entirely locally and transmit nothing. Three structural caveats matter: (1) Superwhisper saves audio recordings to local disk by default — a surprising default that 23 users have voted to make opt-in on the public feedback board; (2) the privacy policy was last updated June 19, 2024 and does not separately describe how cloud modes (Ultra transcription, Super Mode LLM post-processing) handle audio compared to on-device modes; (3) Superwhisper holds no SOC 2, HIPAA, or ISO 27001 attestation, making it unsuitable for regulated workflows regardless of architecture.

For users who want zero local audio retention by default, no cloud-mode ambiguity, and a Mac-native build, Voibe runs Whisper 100% on-device, never writes audio to disk, and costs $198 lifetime — 21% less ($51.99 saved) than Superwhisper's $249.99 lifetime.

This article walks through what Superwhisper actually does with your voice in each mode, the local-recordings default that surprises users, the cloud-mode documentation gap, a five-step decision framework, and the on-device alternatives that sidestep the question entirely. Every claim is sourced to Superwhisper's own documentation, the company's public feedback board, or named third-party platforms.

Disclosure: Voibe is our product. We compare Voibe to other tools using verifiable facts — Superwhisper's own privacy policy and product documentation, Superwhisper's public user feedback board, and named third-party sources. Where Superwhisper's posture is stronger than Voibe's on a specific dimension (multi-platform reach, cloud-mode flexibility), we say so.

The rest of this article walks through each row in detail and gives you a five-step Superwhisper Safety Audit to make your own call.

Superwhisper is a mode-driven Mac dictation app. The mode you select determines whether your audio leaves the device. The app's core architectural decision — and the source of most user confusion — is that on-device modes and cloud modes share the same UI but route audio very differently. Understanding which mode you are in is the first safety question.

On-device modes (audio never leaves your Mac):

• Tiny, Base, Small — small Whisper variants that ship with the Free tier. Lower accuracy ceiling but completely local.
• Standard Whisper — Whisper large-v3 running locally on Apple Silicon. The Pro on-device default. Available on Pro and Lifetime.
• Parakeet — NVIDIA's local speech model, used as a Whisper alternative for English-heavy workflows.

Cloud modes (audio is transmitted):

• Ultra — Superwhisper's higher-accuracy cloud transcription mode. Pro tier only. Audio is sent to Superwhisper's proxy infrastructure, transcribed using cloud models, and returned.
• Super Mode — cloud LLM post-processing modes (grammar polish, translation, custom prompts). Audio is transcribed and the transcript is sent through OpenAI, Anthropic, Google, Groq, Meta, Mistral, or Grok depending on the mode configuration. Pro tier only, with user-supplied API keys.

Superwhisper's privacy policy states the no-retention and no-training commitments uniformly — there is no separate language for cloud modes. Superwhisper has publicly stated that cloud-mode audio is proxied through its infrastructure with stripped identifying information, and that third-party providers cannot tie audio to a specific user account or content. That posture is in good faith. The documentation gap is that the public privacy policy, last revised June 19, 2024, does not separately call out cloud-mode handling — the policy was written in an environment where on-device was the dominant Superwhisper mode.

For sensitive work, the safer pattern is: stay on on-device modes (Standard Whisper or Parakeet for the best accuracy without cloud routing), disable local audio recording in Settings, and use Little Snitch to confirm outbound traffic is zero during dictation. For unrestricted dictation that benefits from cloud LLM post-processing, the cloud modes are functional but their handling is not separately documented and is not covered by a third-party audit.

The single most-cited Superwhisper privacy frustration on the company's own public feedback board is that audio recordings are saved to local disk by default. The top-voted ticket asks for an option to disable audio storage entirely, which has accumulated 23 votes across the user base — making it one of the highest-priority privacy requests on Superwhisper's UserJot. As of April 2026, this remains an opt-out toggle in Settings rather than an opt-in choice.

The mechanics:

• Where the recordings go. Superwhisper writes audio recordings into the user's iCloud Documents folder by default. If iCloud Drive is enabled on the Mac, those recordings sync to iCloud and to any other signed-in device.
• Why it surprises users. Many Superwhisper users assume "on-device" implies "nothing stored." Local storage is technically still on-device, but it is on-disk rather than in-memory — the audio persists, has a file path, can be backed up to Time Machine, and can sync across iCloud-linked devices. None of this is hidden, but it is not the mental model most users carry into the app.
• Why it surprises power users. The same UserJot ticket reports that the iCloud Documents folder accumulates clutter — recordings stack up over weeks of dictation and need manual cleanup. For users with smaller iCloud plans, this can quietly fill the available quota.
• How to disable. Open Superwhisper Settings → find the recording-storage option → turn it off. The setting takes effect for new dictations; existing recordings need to be deleted manually.

Superwhisper's privacy policy confirms that files "do get saved to your device" but does not provide guidance on default behavior, retention, or deletion procedures. The public feedback board documents the user-side response to the default in real time.

The pattern this represents — "on-device is local, but local is not the same as ephemeral" — is worth keeping in mind for any dictation app. Voibe's architectural choice is to write nothing to disk at all: audio is captured into memory, transcribed, written into the active text field, and discarded. There is no recording-storage setting because there are no recordings.

If you use any of Superwhisper's cloud modes — Ultra transcription, Super Mode LLM post-processing, custom prompt modes — Superwhisper requires you to bring your own API keys for the underlying providers (OpenAI, Anthropic, Google Gemini, Groq, Mistral, Grok, etc.). Those keys are stored as plaintext JSON files in Superwhisper's local Application Support directory.

This is documented and upvoted on Superwhisper's public feedback board (15+ votes for moving keys into the macOS Keychain or a secure-enclave-backed vault). The risk surface:

• Any process running with your user permissions can read them. macOS sandboxing protects the OS from third-party apps, but apps running under your user account can read each other's Application Support directories without elevated permission.
• Time Machine backups copy them. Plaintext keys end up in any backup that includes your user library — internal Time Machine, off-site backup tools, sync utilities.
• iCloud Drive can sync them. If your Application Support folder is replicated by any cloud sync tool, keys move with it.
• Malware with user-level access exfiltrates them trivially. A common pattern in macOS-targeted malware is grepping the Application Support directory for tokens and API keys.

The pragmatic mitigations if you keep using Superwhisper's cloud modes:

1. Use scoped, low-privilege keys. Where the provider supports key restrictions (per-model, per-IP, rate-limited), use those features.
2. Rotate on a calendar. Set a monthly or quarterly reminder; rotate even without a known compromise.
3. Do not reuse personal-billing keys for shared work. A leak means someone else can spend your money.
4. Watch for unusual usage spikes on each provider's dashboard. Most providers email when monthly thresholds break.
5. Revoke immediately if the Mac is lost, stolen, or compromised. Treat this as the same urgency as losing a hardware key.

Voibe does not require API keys for any feature. There is no key surface to manage, rotate, or worry about — the dictation pipeline is self-contained on Apple Silicon. This is one of the cases where on-device architecture eliminates a configuration risk rather than asking the user to manage it.

Superwhisper's privacy policy is honest, brief, and clearly written. It is also dated June 19, 2024, which means it predates the current public framing of Superwhisper's cloud-mode set. The policy makes two universal commitments — “Your data is not retained on Superwhisper servers” and “not used for training AI models or any other machine learning purposes” — without distinguishing how those commitments apply to on-device modes versus cloud modes.

What we know about cloud-mode handling, sourced from Superwhisper's product documentation and public statements:

• Audio is proxied through Superwhisper's infrastructure before reaching third-party providers. Superwhisper publicly states that this proxying strips identifying account and content information.
• Third-party providers do not see user account or per-user content metadata. Superwhisper has stated this in product communications.
• No retention or training is the stated posture for cloud modes per Superwhisper's communications, but this is not separately written into the privacy policy text.

The honest gap is not that Superwhisper is doing something hidden. The gap is that the public privacy policy is the document a regulator, auditor, or enterprise-procurement team would rely on, and that document does not currently reflect the cloud-mode set as a separately handled data path. For a casual user, this gap rarely matters. For a healthcare practice, a law firm, a security-conscious enterprise, or any team with formal compliance requirements, the absence of cloud-mode-specific language in the policy is a procurement blocker.

The right read: Superwhisper's stated cloud-mode posture is reasonable and consistent with the company's privacy-first reputation. The documentation is not yet at the level a regulated workflow would require. The single best leading indicator that this gap will close is the last-updated date on the privacy policy. As long as that date stays at June 19, 2024, the documentation gap remains.

Superwhisper sits in a useful middle position in the dictation-privacy landscape. It is more privacy-protective than fully cloud-based products like Wispr Flow, Aqua Voice, or Otter — for any user who stays on its on-device modes. It is less privacy-protective than fully on-device products like Voibe and VoiceInk because of the local-recording default, the plaintext API key storage, and the cloud-mode documentation gap.

What Superwhisper has:

• On-device transcription as a real architectural option, available even on the Free tier. Audio in on-device modes truly does not leave the Mac.
• Direct privacy-policy commitments to no-retention and no-training, in plain language.
• A privacy-first reputation built up over years in the Mac dictation community, with no public breach incidents.
• Multi-platform support (Mac, Windows, iOS) — broader than Voibe's Mac-only scope.
• Cloud-mode optionality for users who want grammar polish, translation, or custom prompt-driven rewrites and accept the cloud routing.

What Superwhisper does not have:

• A SOC 2 Type II report. Without one, regulated workflows cannot procure Superwhisper through compliance review.
• HIPAA BAA availability. Healthcare workflows are off the table.
• ISO 27001 attestation. Same procurement-blocking effect for security-mature enterprises.
• A privacy policy that separately describes cloud-mode data handling. The June 19, 2024 policy is unified across modes.
• Default-off local audio recording. The current default is on, with opt-out in Settings.
• Secure storage for cloud-mode API keys. Plaintext JSON in Application Support is the current pattern.

For most non-regulated users who stay on on-device modes and disable local recording, Superwhisper is among the safer Mac dictation choices. For regulated workflows, the absence of compliance attestations is the blocking constraint, not the architectural choice. The architectural answer to both is on-device dictation that does not need a SOC 2 report because it has no cloud surface to audit. For a deeper treatment of this distinction, see our cloud vs. local dictation guide and the broader voice data privacy guide.

Use the Superwhisper Safety Decision Tree to decide whether Superwhisper is safe enough for your specific situation. The five questions, in order, take you from the lowest-risk use case to the highest. Stop at the first question where you cannot accept the answer Superwhisper currently provides.

1. Are you dictating only general content (drafts, emails, notes, AI prompts, casual messages)? If yes — Superwhisper on on-device modes is reasonable. If you are dictating confidential, privileged, or regulated content, continue to question 2.
2. Will you stay on on-device modes (Tiny, Base, Small, Standard Whisper, Parakeet) for sensitive content? If yes — the audio never leaves your Mac via Superwhisper, so cloud-mode ambiguity does not apply. Continue to question 3. If you need cloud modes (Ultra, Super Mode) for sensitive content, the documentation gap is currently a blocker.
3. Will you disable local audio recording in Settings and clear the existing recordings folder? If yes — the largest silent privacy gap is closed. Continue to question 4. If you keep recordings on by default, accept that audio files persist on disk and may sync to iCloud.
4. Is the content covered by HIPAA, SOC 2, ISO 27001, or attorney-client privilege? If no — Superwhisper on on-device modes with recording disabled is reasonable. If yes — Superwhisper holds none of those attestations and signs no BAA, so the answer is no, regardless of mode. Skip to question 5.
5. Are you comfortable with audio recordings written to disk and API keys stored in plaintext, even if mitigated? If yes — Superwhisper is workable with the configurations above. If no, only an on-device dictation tool that writes nothing to disk and requires no API keys will satisfy you. Voibe, VoiceInk, and Apple Dictation are the three Mac-native options.

The pattern: the further you progress through the tree, the more Superwhisper's defaults rub against the use case. For the first two questions, on-device modes are a reasonable answer. By question 4, the absence of compliance attestations becomes the structural blocker. By question 5, the architectural answer (writes nothing to disk, requires no API keys) wins.

If Superwhisper's local-recording default, plaintext API key storage, or compliance gap concerns you, the architectural answer is on-device dictation that writes nothing to disk and requires no API keys. Three Mac-native options process audio entirely on Apple Silicon's Neural Engine using OpenAI Whisper models — audio never persists to disk, no third-party API keys are needed, and there is no cloud-mode mode confusion to manage.

Side-by-side cost picture against Superwhisper:

• Lifetime: Superwhisper $249.99 vs. Voibe $198 = $51.99 saved (21% cheaper).
• Pro Annual over 3 years: Superwhisper $84.99 × 3 = $254.97 vs. Voibe lifetime $198 = $56.97 saved.
• Pro Monthly over 3 years: Superwhisper $8.49 × 36 = $305.64 vs. Voibe lifetime $198 = $107.64 saved (35%).

For a deeper Superwhisper-vs-Voibe pricing breakdown, see our Superwhisper pricing guide. For an open-source on-device option with an auditable codebase, see VoiceInk pricing. For the cross-tool roundup, see our best offline dictation apps.

Honest tradeoffs: Superwhisper supports Windows and iOS; Voibe is Mac-only. Superwhisper offers cloud LLM post-processing modes; Voibe deliberately does not — the Smart Formatting layer that Voibe ships is a bounded local cleanup pass (filler removal, punctuation, list detection), not an LLM rewrite. If you need a Windows app or cloud LLM rewriting, Superwhisper still has the more complete feature set. If you need on-device dictation that does not write audio to disk, the answer is Voibe.

Voibe is a Mac-native dictation app built around two architectural principles: your audio never leaves the device, and your audio is never written to disk. Voibe runs OpenAI Whisper models on Apple Silicon's Neural Engine. When you press your hotkey, audio is captured into memory, transcribed by the local Whisper model, written into the active text field, and discarded. No cloud servers, no third-party LLM providers, no API keys, no local recording files, no opt-out toggle to remember.

Mapped against the safety questions raised by the Superwhisper story:

• Audio routing. Voibe processes audio on the Apple Silicon Neural Engine. There are no cloud modes to confuse with on-device modes — there is only one mode.
• Local recording default. Not applicable. Voibe writes no recording files to disk. There is no recording-storage setting because there are no recordings.
• API key storage. Not applicable. Voibe does not require API keys for any feature. There is no key-management surface to mitigate.
• Privacy policy gap. Voibe's privacy policy at getvoibe.com/privacy states: “The Voibe application processes your voice entirely on your device. No audio is transmitted to our servers at any point.” One mode, one commitment.
• Compliance audit dependency. Voibe does not currently hold a SOC 2 attestation either, and we say so plainly. The structural difference is that an on-device-only architecture does not require a SOC 2 to be safe — there is no data flow to audit. For regulated workflows, our HIPAA dictation guide walks through the architectural HIPAA framing.
• Permissions. Voibe requests microphone access and macOS accessibility permission — the minimum surface required to capture audio and paste text into the active field. No screen recording, no camera, no full-disk access.
• Network monitor. Run Little Snitch during a Voibe dictation session. Outbound traffic from Voibe during transcription is zero.
• Account. Voibe does not require an account to dictate.

Pricing: $9.90/month, $89.10/year, or $198 lifetime for unlimited dictation on Apple Silicon Macs (M1 through M4). Voibe also includes a Developer Mode for VS Code and Cursor with file/folder name resolution — a feature actively requested by Superwhisper users (9 votes for IDE context awareness on the public feedback board) but not yet shipped in Superwhisper.

Try Voibe for Free — install, grant microphone and accessibility permissions, and dictate. No account, no credit card, no audio leaving your Mac, no recordings written to disk.

Superwhisper is among the safer Mac dictation apps in April 2026 for users who stay on its on-device modes. The core privacy-policy commitments — no server retention, no AI training — are direct and load-bearing for on-device modes (Tiny, Base, Small, Standard Whisper, Parakeet). For most non-regulated users dictating drafts, emails, notes, and AI prompts on those modes with local audio recording disabled, Superwhisper is a reasonable privacy choice.

It is not the right tool if you need compliance attestations (no SOC 2, no HIPAA, no ISO 27001), cannot accept audio recordings written to disk by default, are uncomfortable with plaintext API key storage if you use cloud modes, or need separately documented cloud-mode handling for procurement review. None of these are breaches or scandals — they are surprising defaults and documentation gaps that compound risk in specific deployments.

The pattern this represents is broader than Superwhisper. "On-device" is not a single architectural posture. There is a spectrum from on-device transcription with local recordings stored to disk (Superwhisper's default) to on-device transcription with no disk write at all (Voibe's architecture). For most general dictation, the first is fine. For regulated, privileged, or compliance-audited workflows, the second is the architectural answer.

If Superwhisper is on your shortlist, run the Superwhisper Safety Audit: stay on on-device modes, disable local audio recording in Settings, clear the existing recordings folder, treat any cloud-mode API keys as exposed, and watch the privacy-policy revision date as the leading indicator of whether documentation catches up to product surface area. If those steps feel like more diligence than you want to spend on a $249.99 lifetime, Voibe at $198 lifetime sidesteps all of them by writing nothing to disk and routing nothing to the cloud.

For further reading, see our Superwhisper review, Superwhisper pricing breakdown, and Superwhisper platform support guide. For sibling safety investigations in the same series, see Is Wispr Flow Safe? (cloud subprocessors + Delve audit scandal), Is Aqua Voice Safe? (cloud-only + default-off Privacy Mode + AI-training silence), Is Willow Voice Safe? (Private Mode default-on + HIPAA marketing-vs-policy gap), Is Otter Safe? (meeting transcription + visible-bot consent class action), Is Dragon Safe? (Microsoft-owned three-product line), and Is Claude Code Safe? (developer-tool parallel: Pro/Max trains by default after Aug 2025 vs Commercial Terms no-training default). For the broader privacy investigation pattern, see our Typeless privacy issues piece and our Apple Dictation privacy guide. For comparisons, see Wispr Flow vs. Superwhisper, MacWhisper vs. Superwhisper, Typeless vs. Superwhisper, Superwhisper vs. VoiceInk, Apple Dictation vs. Superwhisper (free built-in vs $249.99 Whisper power-user app), and Apple Dictation vs. OpenAI Whisper. For a continuously-updated cross-product reference covering ChatGPT, Claude, Gemini, Cursor, Copilot, Voibe, and the rest of the Superwhisper peer set on training, retention, and on-device support, see our AI Tool Privacy Tracker. For deeper architectural framing, see the voice data privacy guide, the cloud vs. local dictation guide, the offline dictation privacy on Mac explainer, and the complete dictation privacy hub.