
Is Wispr Flow Safe? Privacy, Delve Audit Scandal & Verdict (2026)

Is Wispr Flow safe? Cloud architecture, Privacy Mode defaults, the Delve fake-compliance scandal, Wispr's response, and the on-device alternative for Mac.

Is Wispr Flow Safe? The Direct Answer

TL;DR: Wispr Flow is reasonably safe for general cloud dictation in 2026 — it holds SOC 2 Type II and ISO 27001:2022 attestations, encrypts data in transit and at rest in AWS us-east-1, and offers a self-serve HIPAA BAA that irreversibly locks Privacy Mode on. It is structurally less safe for users who cannot accept any audio leaving their Mac. Wispr Flow's audio is processed by Baseten, its text by OpenAI, Anthropic, and Cerebras, and stored on AWS — all named in Wispr Flow's own subprocessor list. Privacy Mode (zero data retention) is off by default for non-HIPAA users. Separately, Wispr Flow's prior compliance vendor Delve became the subject of a credible fake-audit investigation in March 2026 that listed Wispr Flow among the affected customers. Wispr Flow has responded transparently — engaging A-LIGN as a new auditor and Drata as a new compliance platform — but the fresh audit is not yet complete. For users who want privacy as architecture rather than as a contract, Voibe runs Whisper 100% on-device on Apple Silicon and never transmits audio off the Mac.

This article walks through what Wispr Flow actually does with your voice, the Delve compliance scandal in plain language, Wispr Flow's response, a five-step decision framework, and the on-device alternatives that sidestep the question entirely. Every claim is sourced to Wispr Flow's own documentation, primary investigative reporting, or named third-party platforms.

Disclosure: Voibe is our product. We compare Voibe to other tools using verifiable facts — Wispr Flow's own privacy policy and security overview, attributed third-party investigations, and named subprocessor listings.

Key Takeaway

Wispr Flow is a cloud dictation product. Audio is sent to Baseten and AWS; text to OpenAI, Anthropic, Cerebras. Privacy Mode is off by default. The Delve audit issue is real but Wispr is remediating. On-device tools like Voibe sidestep the question architecturally.

Key Takeaways: The Wispr Flow Safety Picture

Area | Current State (April 2026) | Source
---- | -------------------------- | ------
Architecture | Cloud-only. Audio processed by Baseten, text by OpenAI/Anthropic/Cerebras, stored in AWS us-east-1. | Wispr subprocessors doc
Encryption | TLS in transit, infrastructure-level encryption at rest. | Wispr Security Overview
SOC 2 Type II | Attested Feb–May 2025 by ACCORP Partners (under Delve). New A-LIGN audit in progress, expected ~6–8 weeks from March 27, 2026. | Wispr compliance docs + audit post
HIPAA | Self-serve BAA in-app on Desktop + iOS. Signing the BAA irreversibly locks Privacy Mode (ZDR) on. | Wispr HIPAA + ZDR docs
Privacy Mode default | OFF for non-HIPAA users. Must be manually enabled or BAA-signed. | Wispr Security Overview
Context Awareness | Opt-in feature; disabled by default. Captures “limited, relevant content” from the active app's screen when on. | Wispr privacy policy
Compliance vendor | Migrated from Delve to Drata after the March 2026 fake-audit allegations. | Wispr compliance program post
Trust center | New SafeBase portal at trust.wispr.ai (formerly hosted on Delve). | trust.wispr.ai
Trustpilot | 2.7/5 — reliability complaints post-trial cluster heavily. | trustpilot.com/review/wisprflow.ai
Privacy alternative | On-device dictation (Voibe, VoiceInk, Superwhisper offline mode) eliminates the cloud surface. | Architectural comparison

The rest of this article walks through each row in detail and gives you a five-step Wispr Flow Safety Audit to make your own call.

What Wispr Flow Actually Does With Your Voice

Wispr Flow is a cloud dictation product. The audio you speak into your Mac, Windows PC, or iPhone is encrypted, transmitted across the public internet, processed on AWS infrastructure, run through one or more third-party LLM providers, and only then returned to your device as text. None of this is hidden — it is documented in Wispr Flow's own privacy policy, security overview, and subprocessor list. The honest read is that Wispr Flow is more transparent than most cloud dictation peers about where your data actually goes — but transparency about cloud routing is not the same thing as architectural privacy.

Wispr Flow's privacy policy describes audio collection in plain language: “audio Inputs containing Personal Information that you choose to include (for example, if you say your name in a voice recording).” The policy also states: “we may share your data with third-party LLMs in order to provide certain features. Your data is never used to train these services and will be deleted after 30 days.” A separate clause confirms: “We do not sell your data or use it to optimize ads for other companies.” Those are reasonable commitments for a cloud SaaS product.

The fuller picture is in the subprocessor list. According to Wispr Flow's own docs (last updated nine days before this article), here is where your data actually flows when you dictate:

  • Baseten — transcription pipeline (ASR and formatting). Your audio is processed here.
  • OpenAI, Anthropic, Cerebras — text processing (Polish, formatting). Your transcribed text is processed by one or more of these.
  • Fireworks AI, OpenRouter — Command Mode fallback and select ancillary endpoints.
  • AWS S3 — general data storage in the us-east-1 region.
  • Supabase — user authentication and session management.
  • PostHog — product analytics and session replay (can capture user-interface activity).
  • Sentry — error tracking; the docs note Sentry can capture screenshots/replays on supported platforms.
  • Stripe + RevenueCat — payments processing.
  • Twilio — SMS handling.
  • Attio + Pylon — CRM and customer support, syncing per-user data including word counts, streaks, app usage, and subscription billing.

This is a normal cloud SaaS architecture. It is also the cloud surface area: every named subprocessor is a place where your data exists, even if briefly. Wispr Flow notes a structural limitation in the same document: “Customers do not have individual approval rights over specific LLM providers or model families.”

Warning

Wispr Flow's privacy posture is a contractual posture: their policy says data is encrypted, retained briefly, not sold, and deleted from third-party LLMs after 30 days. None of those promises change the underlying architecture — your audio still leaves your Mac and travels through several named third-party services before becoming text. On-device dictation removes the question by removing the transmission.

Privacy Mode: Off by Default, On When You Sign a Contract

Wispr Flow's flagship privacy feature is Privacy Mode, also called Zero Data Retention (ZDR). When Privacy Mode is on, none of your dictation data — audio, transcripts, edits — is stored or used for model training by Wispr Flow or any third-party LLM. The mechanics matter:

  • Default state for individual users. Per Wispr Flow's Security Overview: “Privacy Mode is off by default. When off, dictation data may be used to improve Wispr Flow.” An individual Pro subscriber who never opens settings is, by default, contributing dictation data to model improvement.
  • Opt-in path #1: Settings toggle. Open Settings → Data and Privacy and switch Privacy Mode on manually.
  • Opt-in path #2: Sign the BAA. Per Wispr's HIPAA + ZDR documentation, signing the in-app Business Associate Agreement “permanently enables Privacy Mode (zero data retention) for your account and cannot be turned off.” The BAA is irreversible — the strongest privacy commitment Wispr Flow offers and the only one that locks ZDR on for the lifetime of the account.
  • Enterprise enforcement. Once an organization-wide BAA is signed through the admin portal, the ZDR enforcement toggle is locked on across every user in the organization and cannot be disabled by admins.

The result is a two-track product. HIPAA-signed users (and the enterprise teams whose admins enforce ZDR) get a strong, locked privacy commitment. Everyone else — the default Pro subscriber on $15/month or $144/year — has their dictation data potentially used for model improvement until they explicitly opt out.

Wispr Flow's privacy policy separately confirms that Wispr does not sell user data and that data sent to third-party LLMs is deleted after 30 days. Both are reasonable commitments — but neither changes the architectural fact that the audio leaves your Mac.

Tip

If you choose to use Wispr Flow and care about privacy, the cleanest route is to sign the in-app BAA. It is irreversible, locks Privacy Mode on permanently, and gives you the strongest commitment Wispr Flow offers. Every Pro user has access to it on Desktop and iOS — you do not need to be a healthcare professional to sign it.

The Delve Compliance Scandal: What Happened, in Plain Language

To understand the safety question around Wispr Flow's compliance posture today, you need to know what happened to its prior compliance vendor. The summary: in March 2026, an independent investigation alleged that Delve — a Y Combinator-backed compliance automation startup that handled SOC 2, HIPAA, and ISO 27001 reports for hundreds of customers — generated reports that were nearly identical templates with auditor conclusions allegedly pre-populated before any client evidence was reviewed. Wispr Flow was one of the named affected customers.

The timeline:

  1. March 18–19, 2026: An anonymous Substack writer publishing as Deepdelver publishes “Delve — Fake Compliance as a Service.” The investigation analyzed 494 SOC 2 reports allegedly generated through Delve's platform and reported that 99.8% of them shared identical boilerplate text. The same nonsensical sentence — “An Endpoint Security Solution is installed with the feature of scanning the device automatically and log reports are reviewed” — appeared in 493 of 494 reports. Affected customers named in the investigation included Wispr Flow, Lovable, Cluely, Bland, Greptile, Incorta, 11x, and others.
  2. March 22, 2026: TechCrunch covers the allegations. Delve responds publicly, saying it is “an automation platform, not an auditing firm” and that final reports are issued by independent auditors using a Delve-managed dashboard.
  3. March 23, 2026: Insight Partners, Delve's lead Series A investor, scrubs its investment-announcement post.
  4. April 1, 2026: TechCrunch reports a second allegation: Delve's no-code workflow product, Pathways, was forked from SimStudio (the open-source product of Sim.ai, a fellow YC company), with attribution stripped.
  5. April 4, 2026: Y Combinator removes Delve from its community, stating: “YC is a community, not just an accelerator. The founders in our community have to trust each other, and we have to trust them.”

The core technical allegation, summarized by IANS Research on April 19, 2026, is that “hundreds of companies may be relying on security attestations that do not reflect real control implementation or testing.” IANS Faculty member Jeff Brown noted: “A SOC 2 Type II report was never meant to be a security guarantee.” What it is meant to be — evidence that an independent auditor designed and ran tests against actual controls — is exactly what the Deepdelver investigation says was missing.

Wispr Flow's two pre-Delve-scandal certifications were issued in this environment:

  • SOC 2 Type II by ACCORP Partners, covering February 15 – May 15, 2025
  • ISO 27001:2022 (Certificate GCI/IS/202509008) by Gradient Certification Inc., issued September 8, 2025

Both ACCORP and Gradient appear in the Deepdelver investigation as part of the allegedly Delve-affiliated audit network. We are not asserting that Wispr Flow's specific reports were fabricated — the investigation did not analyze Wispr Flow's controls in particular, and Wispr Flow has stated its controls were built independently of Delve. We are noting that the assurance value of those two reports, until reverified by an independent auditor outside the Delve ecosystem, is reduced relative to what a SOC 2 Type II would normally provide.
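The investigation's reported method, checking how many reports share word-for-word sentences, applied to a constructed set of report excerpts. This is an added example, not the Deepdelver analysis or any vendor's code; the report texts are made up, with the endpoint-security sentence quoted above reused as one of the template lines, and the 0.8 threshold is chosen for the five-report sample.

```python
"""Flag cross-report boilerplate in a batch of attestation (e.g. SOC 2) narratives.

Added example, not code from the Deepdelver investigation, Delve or Wispr Flow.
It measures how many reports share word-for-word sentences and how much of each
report consists of such boilerplate. All report texts below are constructed.
"""
import re
from collections import Counter

# The sentence quoted by the investigation plus two generic control statements,
# reused verbatim by four of the five constructed reports.
TEMPLATE = (
    "An Endpoint Security Solution is installed with the feature of scanning "
    "the device automatically and log reports are reviewed. "
    "Access to production systems is restricted to authorized personnel. "
    "Security awareness training is completed by all employees annually."
)
REPORTS = {
    "vendor-a": TEMPLATE + " The service is hosted in a single cloud region.",
    "vendor-b": TEMPLATE + " The service is hosted in a single cloud region.",
    "vendor-c": TEMPLATE + " Customer data is stored in one object-storage bucket.",
    "vendor-d": TEMPLATE,
    # A report written against a specific environment with named test samples.
    "vendor-e": (
        "EDR agents on 212 of 212 laptops were sampled on 2025-03-04; the auditor "
        "inspected 25 device scan logs and the weekly review tickets. Production "
        "access is granted through identity-provider groups; 12 of 12 quarterly "
        "access reviews for 2024 were inspected with sign-off evidence."
    ),
}


def sentences(text):
    """Split a narrative into a set of normalised (lowercase, single-spaced) sentences."""
    parts = re.split(r"(?<=[.!?])\s+", text.strip())
    return {re.sub(r"\s+", " ", p).strip().lower() for p in parts if p.strip()}


def shared_sentences(reports, threshold=0.9):
    """Sentences present in at least `threshold` of the reports, with their counts."""
    counts = Counter()
    for text in reports.values():
        counts.update(sentences(text))
    return {s: c for s, c in counts.items() if c / len(reports) >= threshold}


def template_ratio(reports, threshold=0.9):
    """Per report: fraction of its sentences that are cross-report boilerplate."""
    shared = shared_sentences(reports, threshold)
    ratios = {}
    for name, text in reports.items():
        sents = sentences(text)
        ratios[name] = round(sum(s in shared for s in sents) / len(sents), 2)
    return ratios


def templated_share(reports, threshold=0.9, cutoff=0.5):
    """Fraction of reports that are mostly boilerplate (ratio >= cutoff)."""
    ratios = template_ratio(reports, threshold)
    return sum(r >= cutoff for r in ratios.values()) / len(ratios)


if __name__ == "__main__":
    for s, c in shared_sentences(REPORTS, 0.8).items():
        print(f"in {c}/{len(REPORTS)} reports: {s[:60]}...")
    print(template_ratio(REPORTS, 0.8), templated_share(REPORTS, 0.8))
```

A report whose control narrative is almost entirely shared with unrelated vendors' reports is a prompt to ask the auditor what was actually sampled and tested, not proof of a fake audit on its own.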

Wispr Flow's Response: What Has Actually Changed

Wispr Flow's public response to the Delve allegations has been transparent and substantive. The two posts that matter are “A note on our compliance program” by CTO Sahaj Garg (March 19, 2026) and “Our path to a new, independent audit” (March 27, 2026). The remediation has three concrete pieces.

1. New compliance automation platform: Drata. Wispr Flow migrated off Delve and onto Drata, which is used by companies including LinkedIn, GEICO, and Capital One per Wispr's own blog. Drata provides continuous, automated monitoring of security controls — the same category of automation Delve offered, but from a vendor with an established track record and no fraud allegations. Sprinto and other industry analyses describe Drata as one of the two leading mature SOC 2 automation platforms (Vanta being the other).

2. New SOC 2 auditor: A-LIGN. A-LIGN is one of the most established SOC 2 auditors globally — 31,000+ audits across 5,700+ clients, including US Bank and Snowflake per Wispr's audit-update post. A-LIGN is reverifying Wispr Flow's SOC 2 compliance, verifying its HIPAA status, and pursuing ISO 27001 certification. The timeline per Wispr's audit timeline doc: “about 6–8 weeks, and potentially sooner.” Wispr has stated it will not compress the timeline, which is the right call — a rushed re-audit would defeat the purpose.

3. New trust center on SafeBase. Wispr Flow migrated its public trust center off Delve's hosted platform (formerly at trust.delve.co/wispr-flow) to a new SafeBase-powered portal at trust.wispr.ai. SafeBase is the standard trust-center platform used by enterprise SaaS companies. The new center lists HIPAA, ISO/IEC 27001, and SOC 2 Type II certifications and provides downloadable documentation behind an access gate.

What Wispr Flow has not done: it has not retracted its existing certifications, nor admitted that those reports were fraudulent. The position in Sahaj Garg's note is that Wispr's controls were “built and implemented independently of Delve” and the open question is whether Delve properly verified the implementation, not whether the controls themselves exist. That is a defensible position pending the A-LIGN report. The honest framing is that Wispr Flow's compliance posture is in a transition window: stronger than it was on March 18, weaker than it will be once A-LIGN signs off.

Key Takeaway

Wispr Flow's remediation — Drata + A-LIGN + SafeBase — is real and transparent. The fresh A-LIGN SOC 2 Type II report is the next data point. Treat current certifications as under reverification.

Architecture vs. Audit: What the Delve Story Teaches About Cloud Dictation

The deeper lesson from the Delve story is not specific to Wispr Flow. It is about the difference between architectural privacy and audited privacy. A SOC 2 Type II report is an attestation that an independent auditor designed and ran tests against a vendor's stated controls during a defined window. When the audit process itself is allegedly automated, templated, and pre-populated, the attestation degrades from evidence of working controls to evidence that the vendor paid for a PDF.

Five things audit-based privacy cannot do that on-device architecture can:

  • Survive an audit-quality crisis. When the audit vendor is credibly accused of fraud, every certification issued under that vendor becomes provisional until reverified. On-device processing produces no audit because there is no data flow to audit.
  • Survive a policy change. A privacy policy can be updated with 30 days' notice. The same servers operating under “zero retention” today can store data tomorrow under a revised policy. Audio that never crosses your network boundary cannot be retained by a future policy.
  • Survive a subprocessor incident. Wispr Flow names eleven-plus subprocessors in its current list, each with its own incident history and policies. On-device processing has zero subprocessors for dictation data — there is no third party to breach.
  • Survive an acquisition. When a vendor is acquired, customer data becomes an asset under new governance. When Microsoft acquired Nuance (Dragon) in 2022, the entire customer data corpus moved under Microsoft's data policies. A privacy-first startup's commitments do not necessarily survive a change in ownership. On-device data has nothing to transfer.
  • Survive legal compulsion. A subpoena or national security letter can compel a vendor to preserve and disclose data normally discarded. On-device processing removes this vector — there is no preserved data, and the vendor cannot produce what it never had.

None of this means cloud dictation is unusable. It means cloud dictation is a policy-and-trust product: you trust the vendor's commitments, the auditor's verification, the subprocessors' diligence, and the policies' continuity. On-device dictation is an architecture-and-physics product: the audio is processed on your device's chip, never crosses the network, and is discarded after transcription. For most general dictation, the policy-and-trust model is acceptable. For confidential, privileged, or regulated work, architecture is the stronger guarantee. For a deeper treatment of this distinction, see our cloud vs. local dictation guide and voice data privacy guide.

The Wispr Flow Safety Decision Tree

Use the Wispr Flow Safety Decision Tree to decide whether Wispr Flow is safe enough for your specific situation. The five questions, in order, take you from the lowest-risk use case to the highest. Stop at the first question where you cannot accept the answer Wispr Flow currently provides.

  1. Are you dictating only general content (drafts, emails, notes, AI prompts, casual messages)? If yes — Wispr Flow with Privacy Mode enabled is reasonable. If you are dictating confidential, privileged, or regulated content, continue to question 2.
  2. Is the content covered by HIPAA, attorney-client privilege, NDA, or compliance regulation? If no — Wispr Flow with Privacy Mode is still reasonable. If yes, continue to question 3.
  3. Are you willing to sign Wispr Flow's in-app BAA, knowing it irreversibly locks Privacy Mode on? If yes — you have the strongest commitment Wispr Flow offers. Continue to question 4 to verify the audit posture matches your standard. If no, jump to the on-device alternative.
  4. Will you wait for the fresh A-LIGN SOC 2 Type II report (expected ~6–8 weeks from March 27, 2026) before relying on Wispr Flow for regulated workflows? If yes — Wispr Flow's compliance posture should be reverified by then; revisit at that point. If no, an on-device alternative removes the audit dependency entirely.
  5. Are you comfortable with audio leaving your Mac under any circumstances? If yes — Wispr Flow's cloud architecture is acceptable. If no, only on-device dictation will satisfy you. Voibe, VoiceInk, and Superwhisper offline mode are the three Mac-native options.

The pattern: the further you progress through the tree, the more on-device architecture wins. For the first two questions, Wispr Flow is a reasonable cloud product. For the last three, the architectural answer beats the policy answer.

On-Device Alternatives: Privacy as Architecture, Not Audit

If the Delve audit story or the cloud architecture concerns you, the architectural answer is on-device dictation. Three Mac-native options process audio entirely on Apple Silicon's Neural Engine using OpenAI Whisper models — audio never leaves the device, no subprocessors handle dictation data, and the question of audit-vendor quality is moot because there is no auditable data flow.

Tool | Architecture | Pricing | Key Strength
---- | ------------ | ------- | ------------
Voibe | 100% on-device on Apple Silicon | $9.90/mo, $89.10/yr, or $198 lifetime | Developer Mode (Cursor/VS Code), minimal permissions (mic + accessibility only), no account needed, no subprocessors for dictation data
VoiceInk | 100% on-device on Apple Silicon | $25–49 (one-time) + free GPL v3 build | Open-source, auditable codebase
Superwhisper | On-device with optional cloud LLM mode | $249.99 lifetime | Multiple customizable modes, broad language support

Side-by-side cost picture against Wispr Flow Pro Annual ($144/year):

  • After 3 years: Wispr Flow Pro = $432; Voibe lifetime = $198. Voibe is $234 cheaper (54% saving).
  • After 5 years: Wispr Flow Pro = $720; Voibe lifetime = $198. Voibe is $522 cheaper (73% saving).
  • Voibe pays for itself in ~16 months against Wispr Flow Pro Annual, then keeps working forever.

Superwhisper at $249.99 lifetime is also subscription-free but $52 more than Voibe and historically stores audio recordings by default (a Superwhisper user-research finding documented in our Wispr Flow vs. Superwhisper comparison and the Superwhisper user-feedback section of our research). For a fully open-source on-device option with an auditable codebase, see our VoiceInk pricing guide.

For a cross-tool view, see our best offline dictation apps roundup, our why offline dictation matters explainer, and the complete dictation privacy hub.

Key Takeaway

If you cannot accept audio leaving your Mac, on-device dictation is the only architectural answer. Voibe ($198 lifetime) is 54% cheaper than Wispr Flow Pro Annual over 3 years and removes the cloud audit dependency entirely.

Voibe: Why On-Device Eliminates the Wispr Flow Question

Voibe is a Mac-native dictation app built around a single architectural principle: your audio never leaves the device. Voibe runs OpenAI Whisper models on Apple Silicon's Neural Engine. When you press your hotkey, audio is captured into memory, transcribed by the local Whisper model, written into the active text field, and discarded. No cloud servers, no third-party LLM providers, no AWS subprocessor for dictation data, no compliance vendor to audit.

Mapped against the safety questions raised by the Wispr Flow story:

  • Audio routing. Voibe processes audio on the Apple Silicon Neural Engine. There are no Baseten endpoints, OpenAI calls, or AWS regions involved in dictation. The audio you speak does not leave your Mac.
  • Subprocessor list. Voibe has no subprocessors for dictation data because none is transmitted. There is nothing to list.
  • Privacy Mode default. Not applicable. Voibe's privacy posture is the same regardless of any setting — audio is processed locally and discarded.
  • Compliance audit dependency. Not applicable. With no data leaving the device, there is no SaaS audit surface that a compliance-vendor scandal could undermine.
  • BAA / ZDR contracts. Healthcare professionals can use Voibe without a BAA because no Protected Health Information is transmitted to Voibe's infrastructure. Voibe does not have a SaaS-style data flow to be regulated under HIPAA. (See our HIPAA dictation guide for the full architectural framing.)
  • Permissions. Voibe requests microphone access and macOS accessibility permission — the minimum surface required to capture audio and paste text into the active field. No screen recording, no camera, no Bluetooth, no full-disk access.
  • Network monitor. Run Little Snitch during a Voibe dictation session. Outbound traffic from Voibe during transcription is zero.
  • Account. Voibe does not require an account to dictate. There is no identity-to-voice linkage on a Voibe server.
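A scriptable version of the network-monitor check above, as an added example that is not Voibe's or Wispr Flow's own code: it parses the machine-readable output of macOS's lsof and reports any socket of a named process whose peer is not a loopback address. The sample output, process names, PIDs and addresses are constructed, and the live command line assumes the app's executable name begins with the string you pass to lsof's -c option.

```python
"""Scriptable check that a dictation app opens no off-box network connections.

Added example, not Voibe's or Wispr Flow's own code. It parses the
machine-readable (-F) output of lsof; live_check() is a hypothetical macOS run.
"""
import ipaddress
import subprocess

# Constructed sample of `lsof -nP -i -a -c Voibe -c WisprFlow -F pcnP` output.
# Names, PIDs and addresses are made up: the first process only has a
# localhost session and a multicast listener, the second has two remote TCP sessions.
SAMPLE_LSOF = """\
p4242
cVoibe
f12
PTCP
n127.0.0.1:52110->127.0.0.1:8080
f15
PUDP
n*:5353
p4310
cWisprFlow
f23
PTCP
n192.168.1.20:52344->54.210.1.2:443
f24
PTCP
n[fe80::1]:52345->[2606:4700::1]:443
"""


def parse_lsof_fields(output):
    """Turn lsof -F output into {command, pid, proto, name} dicts, one per socket."""
    records, pid, command, current = [], None, None, None
    for line in output.splitlines():
        if not line:
            continue
        tag, value = line[0], line[1:]
        if tag == "p":            # start of a process block
            pid, command = int(value), None
        elif tag == "c":          # command name of the current process
            command = value
        elif tag == "f":          # start of a file (socket) block
            current = {"command": command, "pid": pid, "proto": None, "name": ""}
            records.append(current)
        elif tag == "P" and current is not None:
            current["proto"] = value
        elif tag == "n" and current is not None:
            current["name"] = value
    return records


def remote_endpoint(name):
    """Peer (host, port) from a NAME like 'a:1->b:2', or None for listeners."""
    if "->" not in name:
        return None
    peer = name.split("->", 1)[1].split(" ", 1)[0]   # drop any trailing state
    host, _, port = peer.rpartition(":")
    return host.strip("[]"), int(port)               # strip IPv6 brackets


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def offbox_connections(output, command):
    """Sockets of `command` whose peer is not a loopback address."""
    found = []
    for rec in parse_lsof_fields(output):
        if rec["command"] != command:
            continue
        peer = remote_endpoint(rec["name"])
        if peer and not is_loopback(peer[0]):
            found.append((rec["pid"], rec["proto"], peer[0], peer[1]))
    return found


def live_check(command):
    """Run lsof on this Mac (hypothetical usage) and return off-box connections."""
    proc = subprocess.run(["lsof", "-nP", "-i", "-a", "-c", command, "-F", "pcnP"],
                          capture_output=True, text=True, check=False)
    return offbox_connections(proc.stdout, command)
```

Run live_check("Voibe") in a loop while dictating; an empty list on every sample is the scripted equivalent of the Little Snitch observation, and a non-empty list names the remote endpoints a cloud tool is using.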

Pricing: $9.90/month, $89.10/year, or $198 lifetime for unlimited dictation on Apple Silicon Macs (M1 through M4). Voibe also includes a Developer Mode for VS Code and Cursor with file/folder name resolution — a feature actively requested by Wispr Flow and Superwhisper users but unavailable in either.

Try Voibe for Free — install, grant microphone and accessibility permissions, and dictate. No account, no credit card, no audio leaving your Mac.

The Bottom Line on Wispr Flow Safety in 2026

Wispr Flow is reasonably safe for general cloud dictation in April 2026. The product is more transparent than most cloud peers about its subprocessors, encryption, and Privacy Mode mechanics. Wispr's response to the Delve compliance scandal — migrating to Drata, engaging A-LIGN, moving the trust center to SafeBase, and committing to a full re-audit within 6–8 weeks — is substantive and the right kind of remediation. For non-sensitive dictation by a Pro user who has manually enabled Privacy Mode (or signed the irreversible in-app BAA), Wispr Flow's cloud architecture is an acceptable trade-off.

It is not the right tool if you cannot accept audio leaving your Mac. The Delve story is not specific to Wispr Flow — it illustrates a broader fragility in audited-cloud privacy: when the audit-vendor's process is itself compromised, every certification issued under that vendor becomes provisional. That fragility is removed when the dictation never crosses the network in the first place. For lawyers, doctors, security researchers, and anyone whose dictation contains material they would not be comfortable having on a third-party server even briefly, on-device dictation is the architectural answer.

If Wispr Flow is on your shortlist, sign the BAA, enable Privacy Mode, disable Context Awareness, wait for the A-LIGN report, and re-evaluate. If those steps feel like more diligence than you want to spend on a $144/year subscription, Voibe at $198 lifetime sidesteps every one of them by removing the cloud surface entirely.

For further reading, see our full Wispr Flow review (rating + pros/cons) and Wispr Flow pricing breakdown. For comparisons against alternatives, see Wispr Flow vs. Superwhisper, Wispr Flow vs. Apple Dictation, MacWhisper vs. Wispr Flow, and VoiceInk vs. Wispr Flow. For a continuously-updated cross-product reference covering ChatGPT, Claude, Gemini, Cursor, Copilot, Voibe, and the rest of the Wispr Flow peer set on training, retention, and on-device support, see our AI Tool Privacy Tracker. For deeper privacy framing, see our Typeless privacy issues sibling investigation, our Apple Dictation privacy guide, the voice data privacy guide, the cloud vs. local dictation guide, our offline dictation privacy on Mac explainer, and the complete dictation privacy hub.
