Privacy Policy

At Velocity, we believe your voice data is yours. This Privacy Policy explains how we collect, use, and protect your information when you use our macOS dictation application and related services.

TL;DR: We process your audio for transcription only. We don't store audio permanently. Offline mode keeps everything on your device. We're GDPR compliant.

Audio Data

When using Cloud Mode, your audio is streamed to our servers (powered by Cloudflare Workers) for transcription. Audio is processed in real-time and is not stored after transcription is complete.

When using Offline Mode, audio never leaves your device. All processing happens locally using the Whisper AI model.

Account Information

When you create an account, we collect your email address and authentication details. If you use OAuth (Google, GitHub), we receive your email and profile picture from the provider.

Usage Data

We track basic usage metrics to improve our service, including:

• Number of transcription minutes used
• Feature usage (cloud vs. offline)
• Error rates for debugging

We use PostHog for analytics. You can opt out of analytics in the app settings.

Corrections & Vocabulary

When you make corrections to transcribed text, we may store these corrections to improve accuracy for your account. This data is encrypted and tied only to your account.

• Transcription: To convert your speech to text
• Personalization: To improve accuracy based on your vocabulary and corrections
• Billing: To track usage and process payments
• Support: To help you if you contact us
• Improvement: To make Velocity better (aggregate, anonymized data only)

All data is stored on Cloudflare's infrastructure (D1 database, R2 storage). Data is encrypted at rest and in transit. We use industry-standard security practices including:

• TLS 1.3 for all network communication
• AES-256 encryption for stored data
• Regular security audits
• SOC 2 compliant infrastructure

Audio: Processed in real-time, never stored

Account data: Retained while your account is active. Deleted within 30 days of account deletion request.

Usage logs: Retained for 90 days for debugging, then aggregated/anonymized.

Corrections/vocabulary: Retained until you delete them or delete your account.

We use the following third-party services:

• Cloudflare: Infrastructure, CDN, and Workers AI
• Deepgram: Cloud speech-to-text engine
• Stripe: Payment processing
• PostHog: Analytics (opt-out available)
• Crisp: Customer support chat
• Sentry: Error tracking

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

Under GDPR, CCPA, and other privacy laws, you have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Export your data
• Object: Opt out of analytics
• Restrict: Limit how we process your data

To exercise any of these rights, email us at privacy@velocity.app.

Agency tier users can provide their own Deepgram or OpenAI API key. When using BYOK, your audio is sent directly to your chosen provider. Velocity does not store or process this audio—it's between you and your API provider.

Velocity is not intended for users under 13 years of age. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We'll notify you of significant changes via email or in-app notification. The "last updated" date at the top reflects the most recent revision.

Questions about this Privacy Policy? Contact our Data Protection Officer:

• Email: privacy@velocity.app
• Address: Velocity Inc., 123 Example Street, San Francisco, CA 94102