Privacy and local-first

Last updated 16 min read

Evoglyph runs on your Mac. Your voice, your transcripts, and the cleaned text never leave your device. There is no cloud transcription service, and we do not plan to build one. This page spells out what that means in practice. For a breakdown of every pipeline stage and network event, see Where your audio goes.

What stays on your Mac

Every step of dictation happens on-device:

The five network calls Evoglyph makes

Evoglyph is local-first, but it is not network-free. Here is every outbound connection the app makes, and why:

  1. License activation. When you enter your license key, Evoglyph contacts its licensing service at evoglyph.com to confirm the key is valid and claim a device slot. The request includes only your license key and a per-install, pseudonymous instance name and id (an opaque EvoGlyph- identifier — not your hostname). It does not include your Evoglyph version or any dictation content.
  2. License re-validation. Evoglyph periodically re-checks your license against its licensing service to keep your subscription state in sync (active, past-due, canceled, etc.). It sends only your license key and the stored instance id. No dictation content.
  3. Free-trial check. While Evoglyph runs without a license, it verifies your free trial against its own trial service at evoglyph.com. The request contains a one-way salted SHA-256 hash of your Mac’s hardware UUID (never the raw UUID) and, after dictations, the running count of trial words you have used. No dictation content, and no trial calls at all once you activate a license. The full exchange is spelled out in Trial counter and license activation below.
  4. Auto-update check. The Sparkle framework checks evoglyph.com’s update feed (appcast) on a schedule for new releases. The check transmits your Evoglyph version and macOS version so we can serve the right update file. We rely on standard web server access logs only.
  5. First-run model download. The Parakeet transcription model and the optional MLX cleanup model are downloaded once, on first use, from Hugging Face (huggingface.co), a third-party public model host. The small NLI “edit-check” model used by cleanup is downloaded from downloads.evoglyph.com (Evoglyph’s own Cloudflare storage). These are hash-verified model files, not telemetry; after the download, they run from your local disk.
  6. Trial start (trial only). On first launch, Evoglyph registers your free trial with Evoglyph’s licensing service so the 3,000-word / 7-day limit can be enforced. The request contains a single pseudonymous device hash (an opaque identifier — not your name, email, or any dictation content); the server records the trial start time against it. See Trial counter and license activation below for exactly what the trial ledger stores.
  7. Trial usage sync (trial only). During the trial, Evoglyph periodically syncs your running trial word total — a single cumulative number — to the licensing service, keyed by the same device hash, so the word limit cannot be reset by deleting local data. The payload is the device hash and that one number. No audio, no transcripts, no app names — ever.

First-party crash and error reporting is not in this list because it is off by default. If you opt in (Settings → Diagnostics), it adds a sixth outbound channel to Evoglyph’s own server at diag.evoglyph.com. See What you can turn off below.

What Evoglyph never does

Evoglyph does not:

What you can turn off

You control every optional channel from Settings → Diagnostics:

License activation and re-validation cannot be disabled; Evoglyph must verify your license to enable dictation. The re-validation cadence is conservative and the payload contains no dictation content. The free-trial check works the same way while you are unlicensed: it cannot be turned off, because it is what enforces the trial. See Trial counter and license activation.

Trial counter and license activation

The trial gives you up to 3,000 words of successful dictation, or 7 days from first launch, whichever ends first, before you need an active license. The counter increments only when text is successfully injected into your focused app; silent dictations and failed injections do not count.

The trial is enforced server-side. A counter that lived only on your Mac could be reset by deleting the app’s data, so Evoglyph checks the trial against its own trial service. Here is the entire exchange:

Each response comes back cryptographically signed and Evoglyph caches it locally, so the trial keeps working offline within its window rather than phoning home on every dictation.

The trial limit is enforced server-side. At first launch Evoglyph registers the trial with its licensing service, and during the trial it syncs your running word total (network calls 5 and 6 above). The server keeps one trial record per device, keyed by a pseudonymous device hash, containing: the trial start time, the cumulative word count, the word/day limits, and an active/exhausted flag. That is the entire record — it holds no audio, no transcripts, no app names, and no name or email (the trial requires no account). Its only purpose is making the trial limit stick across reinstalls; it is not usage analytics, and outside of this single trial total we keep no record of your dictation usage at all.

Activating your license calls Evoglyph's licensing service with your license key. It does not transmit any dictation content. After activation, your license state is stored locally and the trial service is no longer contacted.

How to audit Evoglyph yourself

You do not have to take our word for any of this. To verify Evoglyph's network behavior:

A note on the landing site

Everything above describes the macOS app. The marketing site at evoglyph.com is a separate surface, and how we measure it is deliberately minimal.

How we count visits. evoglyph.com loads no analytics beacon and no client-side analytics script — open your browser’s developer tools and you will see the site make no request to any analytics vendor. Instead, Cloudflare (which already serves the site) counts page visits in aggregate at its edge, the same place it routes the request. That edge-side count gives us totals, referring sites, and the country a request came from. It uses no cookie, sets no client-side storage, builds no per-visitor profile, and Evoglyph stores no IP address. It counts page visits — not which buttons you click. It does not see your dictation content, your trial record, or your license.

How we count downloads (and where a click came from). When you click a “Download for macOS” button, the site routes through a /download endpoint that redirects you to the installer and records one anonymous, aggregate download event in our Cloudflare D1 database. That event contains: the date; the country and a coarse region your request came from (derived at Cloudflare’s edge); the app version; and an aggregate attribution tag — the host name of the page that referred you (e.g. news.ycombinator.com, host only) plus any campaign tags in the link (the utm_source, utm_medium, and utm_campaign values, each truncated and allowlisted to plain campaign labels). It sets no cookie, stores no IP address, keeps no full referring URL and no query string, and writes no per-visitor identifier — two downloads can never be tied back to the same person. The data exists only in aggregate.

How we measure the docs. Each docs article has a “Was this helpful?” Yes/No control at the bottom. Clicking it records one anonymous event in our Cloudflare D1 database: the article slug, the yes/no verdict, and the country derived at Cloudflare’s edge — nothing else. A “No” also triggers a notification email to [email protected] containing the same three fields. No cookie, no IP, no identifier of any kind; two clicks can never be tied to the same person, and there is no reader to reply to.

Why there is no cookie banner. A consent banner is required when a site stores information on, or reads information from, your device for purposes that are not strictly necessary (the EU ePrivacy rule, Art. 5(3)). The public marketing and docs pages at evoglyph.com do neither: they set no cookie, write nothing to your browser, and load no client-side script that reads your device. Two strictly-necessary cookies exist behind explicit actions: signing in at /account sets an HttpOnly session cookie whose only job is keeping you signed in (it expires after 30 days and is deleted on sign-out), and the private, access-controlled admin area sets a CSRF-protection cookie. Both are functional, are never used for tracking or analytics, and fall under the Art. 5(3) strictly-necessary exemption — so no consent banner is required for them either. The aggregate analytics above are processed under our legitimate interest in understanding our audience and running the business (GDPR Art. 6(1)(f)), documented in an internal Legitimate Interest Assessment. The coarse, edge-derived country and region are not used to identify you and are not treated as personal data tied to an individual. We mention all of this here so you see both surfaces — the app and the site — in one place.

This page is the Evoglyph privacy policy. Below is who processes your data, how long it sticks around, and how to make a privacy request.

Who controls your data

Evoglyph is operated by Eluketronic LLC, a New York limited liability company, 447 Broadway, 2nd Floor #1266, New York, NY 10013, USA. Eluketronic LLC is the controller of the personal data described in this policy. To exercise any of your rights or ask a privacy question, email [email protected].

Third-party processors

Evoglyph is local-first, so the list of services we share data with is short. Each one is named above with the exact payload it receives:

We do not use ad networks, retargeting pixels, or session-replay tools. The list above is exhaustive.

International data transfers

Eluketronic LLC is based in the United States, and our processors — Stripe, Cloudflare, and Resend — are US companies that process this billing-side data in the United States. If you are in the EU, the UK, or another region with data-transfer rules, your personal data is transferred to and processed in the United States. Where the law requires it, those transfers rely on appropriate safeguards, such as the Standard Contractual Clauses (and each processor’s own transfer mechanism, e.g. the EU–US Data Privacy Framework where applicable). Your dictation never leaves your Mac, so it is never transferred to any of these processors.

Retention

Legal bases for processing (GDPR)

If the GDPR (EU/UK) applies to you, we rely on the following legal bases for the billing-side data we process:

Your rights

Under the GDPR (EU/UK) and similar privacy laws, you have the right to:

You also have the right to lodge a complaint with your local data protection or supervisory authority. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

Because Evoglyph is local-first, the personal data we hold is limited to your billing-side records: your Stripe order record, your license and entitlement record, the device labels tied to your activations, the pseudonymous free-trial record keyed by a one-way device hash, and the raw billing event records described under Retention. Email [email protected] with the subject "Privacy request" and we will respond within 30 days.

California privacy rights (CCPA/CPRA)

If you are a California resident, the CCPA/CPRA gives you specific rights. The categories of personal information we collect, where they come from, and why:

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA (“share” meaning cross-context behavioral advertising). Because no sale or sharing occurs, no “Do Not Sell or Share My Personal Information” link is required. We provide notice of collection through this policy. California residents may exercise the right to know, delete, and correct their personal information, and the right to opt out of any sale or sharing — and we will not discriminate against you for exercising any of these rights. To make a request, email [email protected].

Data-breach notification

If a data breach affects your personal data, we will notify affected users without undue delay and the relevant supervisory authority where the law requires.

Children’s data

Evoglyph is not directed to children, and we do not knowingly collect personal data from children.

Changes to this policy

Material changes will be noted at the top of this page with a new "Last updated" date and, if substantive, a note in the Evoglyph changelog. The most recent revision date is at the top of this article.

Was this helpful?