Is Wisprtype Safe? Local by Default, Closed Source (2026)
Is Wisprtype safe? Dictation runs on-device by default with cloud opt-in. But it's closed-source, telemetry shipped on in v1.1.0, and no entity is named.
Is Wisprtype Safe? The Direct Answer
TL;DR: Wisprtype's architecture is genuinely privacy-first β and that deserves credit. By default, all transcription runs on-device through WhisperKit on Apple Silicon, the cleanup model (Llama 3.2 3B) runs locally through Apple's MLX framework, and the privacy policy commits that “cloud providers are never used unless you explicitly configure them by entering an API key and selecting cloud mode in Settings.” Audio is not retained after transcription. There is no account, no vendor server in the audio path, and no price tag.
The reservations are about verification and accountability, not architecture:
- The one shipped default we could test contradicted the policy. Wisprtype's privacy policy says telemetry is “disabled by default,” but our hands-on test of v1.1.0 found PostHog telemetry on by default (opt-out at Settings β Privacy). As of July 2026 the current download is still v1.1.0, so that finding still applies to the build you would install today.
- It is closed-source, so βprivate by defaultβ can't be audited. There is no public repository, no legal entity named anywhere on the site, no terms of service page at all, and no Wayback Machine snapshot history of the privacy policy β if the policy changed tomorrow, there would be no independent record.
- It is roughly two months old with zero third-party review surface. The domain was registered April 28, 2026. There is no Product Hunt listing, no App Store presence, no G2 or Trustpilot profile, and no compliance attestation of any kind.
So: for personal, non-sensitive dictation on a Mac you control, Wisprtype is a reasonable free tool β install it, then immediately flip telemetry off. For business, client-confidential, or regulated work, the missing entity, terms, audit trail, and the policy-versus-binary telemetry gap rule it out for now. If you want on-device dictation from a vendor with a named company, published terms, and telemetry-free shipped defaults, Voibe is built exactly that way β per its privacy policy, “the Voibe application processes your voice entirely on your device. No audio is transmitted to our servers at any point.”
Disclosure: Voibe is our product. This investigation credits Wisprtype's genuine architectural strengths and flags its specific verification limits as fairly as possible. Wisprtype's claims are quoted from its privacy policy at wisprtype.com/privacy-policy (effective April 29, 2026) and its homepage as retrieved July 6, 2026; the telemetry finding comes from our own v1.1.0 hands-on testing documented in our Wisprtype review.
Key Takeaways: The Wisprtype Safety Picture
| Area | Current State (July 2026) | Source |
|---|---|---|
| Processing architecture | On-device by default: six local Whisper models via WhisperKit (Base is the default), local Llama 3.2 3B cleanup via MLX. | wisprtype.com privacy policy Β§1 |
| Cloud path | Strictly opt-in BYOK: OpenAI gpt-4o-transcribe, Groq whisper-large-v3-turbo, or Deepgram nova-3. Requires an API key and a mode switch; no fallback clause exists. | Privacy policy Β§3 |
| Audio retention | “Audio recordings are processed in real time and are not retained after transcription completes, unless you explicitly save them.” | Privacy policy Β§2.1 |
| Transcript storage | Raw and cleaned transcripts, target app names, and settings live in a local SQLite database β “never transmitted to our servers.” Kept until you delete them. | Privacy policy Β§2.1, Β§6 |
| Telemetry: policy vs binary | Policy: PostHog telemetry “disabled by default.” Our v1.1.0 hands-on: on by default, opt-out at Settings β Privacy. Still v1.1.0 as of July 6, 2026. | Policy Β§2.2 + our review testing |
| AI training | The policy is silent β the words βtrainβ or βtrainingβ do not appear. Structurally there is no Wisprtype server in the audio path to train from; BYOK cloud audio falls under each provider's own terms. | Privacy policy (full text) |
| API key storage | BYOK keys are stored in the app's local SQLite key-value store, not the macOS Keychain. | Privacy policy Β§2.1, Β§5 |
| Source code | Closed-source. No official repository exists; the developer's GitHub account has no Wisprtype repo. | Our review + GitHub search |
| Legal entity / terms | No entity named anywhere; no governing-law clause; no terms-of-service page (returns 404). Contact is a form and contact@wisprtype.com. | wisprtype.com (full site) |
| Compliance attestations | None. No SOC 2, ISO 27001, HIPAA claim, BAA, or DPA. | wisprtype.com (absence, full site) |
| Website tracking | The wisprtype.com site itself runs Google Analytics plus PostHog served through a first-party proxy β not covered by the app privacy policy. | Page source, July 2026 |
| Company age | Domain registered April 28, 2026; v1.0 launched around May 2, 2026. Solo developer Piyush Garg; free forever with no visible revenue model. | Verisign RDAP + piyushgarg.dev |
| Third-party signal | None yet: no Product Hunt, Mac App Store, G2, Capterra, or Trustpilot presence. Our hands-on review scored it 6/10. | Our Wisprtype review |
| Public incidents | None reported. | Public sources, July 2026 |
| Privacy alternative | On-device tools with a named vendor (Voibe) or auditable source (VoiceInk, Handy) close the verification gap. | Architectural comparison |
The rest of this article walks through each row: what the local-by-default architecture actually covers, what the policy says and leaves out, why the telemetry finding matters more than its data scope suggests, and a decision tree for whether Wisprtype fits your work.
How Wisprtype Processes Your Voice: Local by Default, BYOK Cloud Opt-In

Wisprtype is a free dictation app for Apple Silicon Macs from indie developer Piyush Garg, released in early May 2026. Architecturally it is the real thing: the default transcription path never leaves the machine.
- Local speech-to-text (default). Six Whisper variants run on-device through WhisperKit β Tiny (~75 MB), Base (~150 MB, the default), Small, Medium, Large v3 (~3 GB), and Distil-Whisper Large v3. Per the privacy policy: “By default, all speech-to-text processing happens entirely on your device.”
- Local cleanup (default). Smart Typing β the step that strips βum,β fixes self-corrections, and adds punctuation β runs Llama 3.2 3B on-device through Apple's MLX framework. Model weights download from Hugging Face on first use, then inference is local.
- Cloud transcription (strictly opt-in). Three BYOK providers are available β OpenAI gpt-4o-transcribe, Groq whisper-large-v3-turbo, and Deepgram nova-3. Enabling one takes two deliberate steps: paste an API key and switch the engine mode. The policy states cloud providers “are never used unless you explicitly configure them,” and no silent-fallback provision exists anywhere in the policy or on the site.
- Local data at rest. Transcription history (raw and cleaned text, the app you dictated into, duration, engine used) is stored in a local SQLite database under your macOS Application Support directory β “never transmitted to our servers,” and kept until you delete it. The policy also states: “No data is synced to iCloud, external servers, or other devices.”
Two things are worth naming plainly. First, this is the same architectural family as the on-device tools we recommend β audio processed locally, nothing transmitted by default. Second, when you do opt into a cloud engine, Wisprtype steps out of the picture entirely: audio goes to the provider under your API agreement, Wisprtype offers no data processing agreement, and its policy simply tells you to “review each provider's privacy policy.” For how those provider postures compare, see our AI Privacy Tracker.
What Wisprtype's Privacy Policy Says β and What It Leaves Out
Wisprtype's privacy policy (effective April 29, 2026 β one day after the domain was registered, and unrevised since) is short, specific, and mostly favorable. The commitments that matter:
- Architecture: “WisprType is built with a privacy-first architecture. By default, all speech-to-text processing happens entirely on your device using WhisperKitβ¦ No audio, transcriptions, or personal content leave your machine unless you explicitly opt into a cloud provider or anonymous telemetry.”
- Audio: “Audio recordings are processed in real time and are not retained after transcription completes, unless you explicitly save them.”
- Telemetry scope: PostHog, with a random installation ID, feature-usage events, and engine-mode and word-count metadata β and an explicit exclusion list: never audio, never transcript text, never dictionary words, never name, email, or Apple ID. IP geolocation is disabled and all property strings are truncated to 64 characters.
- Cloud: the “never used unless you explicitly configure them” commitment quoted above, plus a plain statement that your API keys stay local and “are stored locally and used solely to authenticate requests you initiate.”
What the policy leaves out is where the safety assessment gets harder:
- Training is never addressed. The words βtrainβ and βtrainingβ do not appear. The structural reading is favorable β Wisprtype operates no servers that receive your audio, so there is nothing to train on β but a written commitment would bind the cloud-mode and telemetry edges too. Peers have learned this lesson: the same silence is the load-bearing caveat in our Aqua Voice investigation.
- No entity, no terms, no governing law. The policy names no company, and wisprtype.com has no terms-of-service page at all β the footer links only Privacy and Contact, and /terms returns a 404. There is nothing to sign, and no jurisdiction stated for disputes.
- The website's own tracking isn't covered. wisprtype.com runs Google Analytics plus PostHog loaded through a first-party proxy subdomain β a setup that keeps analytics working when ad-blockers block posthog.com. That's for the website, not the app, but no website privacy or cookie policy discloses it.
- No independent history. The Wayback Machine holds zero snapshots of wisprtype.com. Policy changes are announced via “the application's release notes” β and there is no public changelog page. If wording changes, there is no independent record to diff against.
The Verification Gap: Closed Source Plus a Policy-vs-Binary Mismatch
The single most important Wisprtype finding is not in the policy β it is in the shipped app. The privacy policy states telemetry is “disabled by default and can be toggled at any time in Settings β Privacy.” In our hands-on testing of v1.1.0 for the Wisprtype review, telemetry was on by default; flipping the toggle off stopped analytics events on the next launch. Either the policy is aspirational and predates the binary, or the binary regressed against the policy β we could not determine which. As of July 6, 2026 the download on wisprtype.com is still v1.1.0, so the finding applies to the current build.
To be fair about scale: the telemetry payload is conservative β a random install ID, feature events, engine mode, and word counts, with audio, transcripts, and identity explicitly excluded. This is not a data-harvesting scandal. It matters for a different reason: for a closed-source app, shipped defaults are the only policy claim you can actually test β and the one testable claim failed. The site's machine-readable marketing (an agent-facing skills file that tells AI assistants telemetry is “opt-in”) repeats the same claim the binary contradicts.
This is where the Dictation Trust Ladder helps place Wisprtype honestly. On the top rung, open-source on-device tools β VoiceInk (GPL v3) and Handy (MIT) β let you read the code, build the binary, and watch the network: every claim is checkable. On the middle rung sit closed-source local apps β Wisprtype, and yes, Voibe too β where you verify with the policy plus a network monitor, and the differentiators become accountability: a named legal entity, published terms, a track record, and defaults that match the paperwork. On the bottom rung, cloud tools ask you to trust server-side handling you can never observe, with third-party audits as the substitute.
Wisprtype's problem is that it currently fails the middle rung's accountability tests: no entity, no terms, a two-month track record, no third-party reviews, and the telemetry mismatch. One more small-but-telling detail from the policy itself: BYOK API keys are stored in the app's local SQLite store rather than the macOS Keychain β local either way, but the Keychain is the platform's purpose-built secret store, and the choice is the kind of thing source access would let you evaluate.
The Wisprtype Safety Decision Tree
Use the Wisprtype Safety Decision Tree to decide whether Wisprtype is safe enough for your situation. Work through the five questions in order and stop at the first one where you cannot accept the answer Wisprtype currently gives.
- Are you dictating personal, non-sensitive content on your own Mac? If yes β Wisprtype is a reasonable free choice, and its local-by-default architecture is genuine. Install it, then immediately open Settings β Privacy and flip telemetry off, because v1.1.0 ships with it on despite the policy. If your content or environment is more demanding, continue.
- Will you enable a BYOK cloud engine (OpenAI, Groq, or Deepgram)? If yes β your audio (and in cloud Smart Typing, your transcript text) leaves the Mac under the provider's API terms. Wisprtype offers no DPA and makes no commitments on the provider's behalf. Read the provider's data-usage policy before routing anything sensitive. If you stay local-only, continue.
- Does your work require a vendor you can hold accountable? If yes β Wisprtype names no legal entity, publishes no terms of service, and is roughly two months old with no visible revenue model. There is no contract to sign and no one to sign it with. For business procurement, that is disqualifying today. If personal accountability doesn't apply, continue.
- Is your content under HIPAA, attorney-client privilege, or NDA? If yes β Wisprtype is ruled out: no SOC 2, no ISO 27001, no HIPAA claim, no BAA, and no entity that could execute one. The on-device architecture helps structurally, but compliance frameworks require accountable parties, not just good architecture. See our HIPAA dictation guide for the pathway.
- Do you want shipped defaults that match the paperwork? If yes β choose an on-device tool whose one testable promise held: Voibe ships with no telemetry and a named company behind it, and VoiceInk and Handy let you verify the binary yourself because the source is open.
The pattern: Wisprtype's architecture answers questions 1 and 2 well. Questions 3 through 5 β accountability, compliance, and verified defaults β are where a two-month-old, closed-source, entity-less free app cannot yet compete.
Cross-Product Privacy Posture Comparison
Wisprtype sits on the on-device side of the dictation privacy spectrum β the right side to be on β but with the weakest accountability surface of the local tools we have investigated. Here is the peer picture.
| Product | Data Path | Source Model | Entity & Terms | Verdict for Sensitive Work |
|---|---|---|---|---|
| Voibe | On-device on Apple Silicon | Closed-source | Named company, published terms and privacy policy | Strong (no cloud surface, accountable vendor) |
| VoiceInk | On-device (whisper.cpp) | Open-source GPL v3 | Solo developer, auditable code | Strong (verifiable end to end) |
| Handy | On-device (multiple local models) | Open-source MIT | Solo developer, auditable code | Strong (verifiable end to end) |
| Wisprtype | On-device by default; BYOK cloud opt-in | Closed-source | No entity, no terms of service | Fine for personal use (telemetry off); accountability gap blocks professional use |
| Apple Dictation | On-device on Apple Silicon (cloud fallback undocumented) | Closed-source (OS component) | Apple Inc. | Good baseline; see our Apple Dictation privacy guide |
| Wispr Flow | Cloud-only | Closed-source | Wispr AI, Inc.; SOC 2 II + ISO 27001 + HIPAA BAA | Acceptable with BAA; audio still leaves the device |
| Voicy | Cloud-only (via Groq) | Closed-source | UAE free-zone entity; no attestations | Everyday use only β see our Voicy investigation |
The notable contrast is within the local family: VoiceInk and Handy resolve the closed-source question by opening the code; Voibe resolves the accountability question with a named company, published terms, and shipped defaults that match its policy. Wisprtype currently resolves neither β which is a solvable, young-product problem, but a real one today. For the full cross-tool matrix across 30 AI tools, see our AI Privacy Tracker.
No Entity, No Terms, No Track Record: The Accountability Question
Everything about Wisprtype's provenance is consistent with a promising two-month-old solo project β which is exactly how a safety assessment should treat it.
- Age: the wisprtype.com domain was registered on April 28, 2026 (with a one-year registration); the privacy policy is effective April 29; v1.0 launched around May 2, 2026. The app has had one release since (v1.1.0) and none between May and July.
- Maintainer: Piyush Garg, an India-based software engineer and educator, who lists Wisprtype among his products alongside a learning platform. He is a real, findable person β that is better than anonymous β but a person is not an entity: no LLC or Ltd appears on the site, in the policy, or in any store listing (there are no store listings).
- Economics: Wisprtype is “free forever” per the homepage, with no paid tier and no visible revenue model. Free is genuinely good for users β and it also means no commercial backstop for maintenance, security patches, or support if the maintainer's priorities change. Our Wisprtype pricing guide covers what βfreeβ does and doesn't include.
- Third-party signal: two months in, there are no Product Hunt, Mac App Store, G2, Capterra, or Trustpilot listings and no independent editorial reviews we could find β the most visible coverage is a promotional LinkedIn post. Our own hands-on review (6/10) appears to be the only detailed third-party evaluation published so far.
None of this is an accusation β it is a maturity reading. The practical consequence: treat Wisprtype as personal-tool-grade today. If dictation sits inside a billable, regulated, or business-critical workflow, wait for the accountability surface (entity, terms, track record, third-party reviews) to catch up with the architecture β or use a tool that already has it.
The Five-Step Wisprtype Safety Audit
Run this five-step audit before relying on Wisprtype for anything where data handling matters. Each step takes 2β10 minutes.
- Flip telemetry off on first launch. Open Settings β Privacy, disable telemetry, and restart the app β v1.1.0 ships with it enabled despite the policy's “disabled by default” wording. If you want proof, run Little Snitch (or any outbound firewall) and confirm no analytics events fire after the restart.
- Confirm you are on the local engine. If you have never pasted an API key and switched to cloud mode, the policy's commitment is that no cloud provider is ever used. A network monitor during dictation should show no outbound traffic β the same zero-transmission test we recommend for any local tool. Note the one expected exception: model weights download from Hugging Face on first use of a new model.
- Treat transcription history as data at rest. Wisprtype keeps raw and cleaned transcripts plus target app names in a local SQLite database until you delete them. Local is good β but if you dictate sensitive material, clear the history periodically and make sure FileVault is on, because anyone with access to your user account can read that file.
- If you enable BYOK cloud, audit the provider instead. In cloud mode your audio (and in cloud Smart Typing, your transcript text and dictionary words) goes to OpenAI, Groq, or Deepgram under your own API agreement β Wisprtype provides no DPA. Read the provider's retention and training terms, and note your API key sits in Wisprtype's local database rather than the macOS Keychain.
- Apply the regulated-work disqualifier. No entity, no terms, no attestation, no BAA: if your dictation includes PHI, privileged material, or NDA-bound content, Wisprtype is out regardless of architecture. Use the HIPAA pathway or an accountable on-device vendor.
If any step fails or feels uncomfortable, the fix is not a better cloud policy β it is an on-device tool whose accountability surface already exists. That is the comparison we turn to next.
Voibe and Wisprtype: Same Local Architecture, Different Accountability

Voibe and Wisprtype are architectural siblings, and we say that with respect: both run Whisper-family models on Apple Silicon, both keep the default dictation path entirely on-device, and both are closed-source β so both sit on the same rung of the trust ladder, where policy plus network behavior is what you can verify. On that rung, the differences are exactly the accountability items this investigation has been circling:
- Shipped defaults match the paperwork. Voibe ships with no telemetry and no analytics SDK in the dictation path β there is no toggle to remember to flip. Per Voibe's privacy policy: “The Voibe application processes your voice entirely on your device. No audio is transmitted to our servers at any point.” Run the same Little Snitch test β outbound traffic during dictation is zero.
- A named company, published terms, and support. There is an entity to contract with, a terms page to read, and a support channel with a human behind it β the procurement basics Wisprtype doesn't have yet.
- A written no-training commitment. Voibe does not train AI on your dictation β stated in writing, not left to structural inference.
- Product maturity. Custom vocabulary for names and jargon, Developer Mode for VS Code and Cursor, Continuous Transcription for long hands-free sessions, and a release cadence that has shipped steadily through 2026 β the product surface a solo two-month-old app hasn't had time to build.
Pricing: $7.50/month, $59/year, or $149 lifetime, with all features at every tier. Wisprtype is free β genuinely β and if your needs are casual, free plus a flipped telemetry toggle is a fine answer. What the $149 buys is the accountability layer: verified defaults, a vendor on the hook, and a product roadmap. For the head-to-head economics, see our Wisprtype pricing guide and Wisprtype alternatives.
Try Voibe for Free β install, grant microphone and accessibility permissions, and dictate. No account, no credit card, no cloud, and nothing to toggle off.
Related Reading
- Wisprtype Review (2026) β The full hands-on review, including the v1.1.0 telemetry finding and the 6/10 verdict.
- Wisprtype Pricing (2026) β What βfree foreverβ includes, BYOK costs, and the sustainability question.
- Wisprtype vs Wispr Flow β The naming-collision comparison: free local indie vs venture-backed cloud.
- Best Wisprtype Alternatives (2026) β On-device and accountable options with a decision tree.
- Is VoiceInk Safe? β Sibling investigation: the open-source on-device peer that resolves the verification question with code.
- Is Handy Safe? β Sibling investigation: the free MIT-licensed cross-platform local tool.
- Is Voicy Safe? β Sibling investigation: the cloud-only peer whose promises live in scattered paperwork.
- Is Wispr Flow Safe? β Sibling investigation: the audited cloud peer (SOC 2 + HIPAA BAA).
- Is Superwhisper Safe? β Sibling investigation: the hybrid on-device + cloud peer.
- Is Spokenly Safe? β Sibling investigation: three architectures, three postures.
- AI Privacy Tracker β Cross-tool privacy posture comparison across 30 AI tools.
- Cloud vs Local Dictation β The architectural framing for the whole category.
- Best Offline Dictation Apps β The on-device field, compared.
- Voice Data Privacy β Pillar with deeper privacy frameworks.
Frequently Asked Questions
Is Wisprtype safe to use in 2026?
Does Wisprtype send your voice to the cloud?
Does Wisprtype store your dictation?
Does Wisprtype use your dictation to train AI?
Is Wisprtype's telemetry really off by default?
Who makes Wisprtype, and is there a company behind it?
Is Wisprtype HIPAA compliant?
Is Wisprtype open source?
How does Wisprtype compare to Voibe on privacy?
Ready to type 3x faster?
Voibe is the fastest, most private dictation app for Mac. Try it today.
- 100% offline
- Free to try
- No subscription
- Native Apple Silicon
- 90+ languages
Prefer to go Pro? Save 20% on any plan with code VOIBE20 View pricing β
Related Articles
Is VoiceInk Safe? Open-Source, On-Device Verdict (2026)
Is VoiceInk safe? Yes β GPL v3 open-source, on-device by default, zero telemetry found in a source audit. Nuances: BYOK cloud opt-in and local history.
Is Voicy Safe? Groq Cloud Path & Policy Gaps (2026)
Is Voicy safe? It's cloud-only β audio routes through Groq with immediate-deletion promises. But the no-training claim lives on marketing pages, not in policy.
Is Blip AI Safe? Cloud Privacy & HIPAA Verdict (2026)
Is Blip AI safe? It's cloud-only; its policy claims audio is deleted in seconds and HIPAA with a BAA on request, but no published SOC 2 audit backs it.

