Privacy Policy
Last updated: March 16, 2026
InnovaAI ("we", "us", "our") operates Dicta, a voice-to-text dictation application. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
1. Information We Collect
Account Information:
- Email address (for registration and login)
- Hashed password (we never store passwords in plain text)
- Subscription plan and usage count
Device Information:
- Device name (hostname) for device management
- Platform type (Windows, Android)
2. Audio Data
Your audio is processed as follows:
- Audio is recorded locally on your device and sent to our server only for transcription.
- Our server forwards the audio to third-party transcription APIs (Groq or OpenAI Whisper) for processing.
- Audio is NOT stored on our servers. It is processed in memory and immediately discarded after transcription.
- Transcribed text is returned to your device and is NOT stored on our servers.
3. Local Mode (BYOK)
If you use Dicta in local mode with your own API keys (Bring Your Own Key), your audio is sent directly from your device to the transcription API provider. No data passes through our servers.
4. Authentication Tokens
JWT authentication tokens are stored locally on your device:
- Desktop: %APPDATA%\Dicta\auth.json
- Web: Browser localStorage
5. Third-Party Services
We use the following third-party services for transcription:
- Groq (groq.com) — Whisper large-v3 transcription API
- OpenAI (openai.com) — Whisper transcription API
- Anthropic (anthropic.com) — Claude Vision for Smart Mode context
Each provider has their own privacy policy governing how they handle data sent to their APIs.
6. Data We Do NOT Collect
- We do not store your audio recordings
- We do not store your transcribed text
- We do not use cookies or tracking pixels
- We do not sell or share your data with advertisers
- We do not collect screenshots (Smart Mode screenshots are processed in memory and discarded)
7. Data Security
We use industry-standard security measures:
- Passwords are hashed with Argon2 (no plain text storage)
- All API communication uses HTTPS/TLS encryption
- JWT tokens expire after 1 hour (access) and 30 days (refresh)
8. Your Rights
You have the right to:
- Request deletion of your account and all associated data
- Export your usage data
- Opt out of cloud mode entirely by using local mode (BYOK)
9. Children's Privacy
Dicta is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via email or an in-app notice.
11. Contact
For questions about this Privacy Policy, contact us at:
InnovaAI · La Paz, Bolivia