Privacy Policy
1. What We Collect
When you sign in with Apple or Google, we receive your email address and a unique user ID. We do not receive your name unless you choose to share it.
During a dictation session we temporarily receive your audio in order to transcribe it. We also collect usage statistics including word count and session duration to power your personal dashboard.
2. How We Use Your Data
How your speech is processed depends on the workflow you pick. In the default cloud workflow, your audio is sent to OpenAI to be transcribed — and may in some cases be routed to another speech-to-text provider (Deepgram or ElevenLabs) — and the resulting text may be sent to OpenAI again for grammar and punctuation clean-up. Audio is never stored — it is deleted immediately after transcription.
If you choose an on-device model (Whisper or Parakeet for transcription; Apple's models for clean-up), everything runs locally — your audio and text never reach our servers. If you bring your own API key (BYOK), text is sent straight from your device to the provider you chose, never through Hovor.
Usage statistics are stored to display your productivity history (words per day/week/month) and are not shared with third parties.
3. Third-Party Services
- OpenAI, Deepgram & ElevenLabs — cloud speech-to-text and text clean-up. By default audio goes to OpenAI; in some workflows it may instead be transcribed by Deepgram or ElevenLabs. Audio and text are sent over TLS and are not retained beyond the request.
- On-device & your own keys — pick an on-device model and nothing leaves your device. With BYOK, text goes straight to the provider you chose (OpenAI, Anthropic, or a custom endpoint) using your key — never through us.
- Apple / Google — authentication only. We receive only what you authorize during sign-in.
We do not sell, rent, or share your personal data with any other parties.
4. Data Storage
User accounts and usage statistics are stored in a PostgreSQL database hosted on a secure cloud server. Session tokens are encrypted at rest. Connection to our server uses TLS 1.2 or higher.
5. Your Rights (GDPR)
If you are located in the EU or EEA, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and all associated data
- Receive your data in a portable format
To exercise any of these rights, delete your account via the web cabinet or email us at kyrylo.holovchenko@gmail.com.
6. Cookies
The web cabinet uses a single session cookie to keep you signed in. This cookie is HttpOnly, Secure, and SameSite=Strict. No analytics or advertising cookies are used.
7. Contact
Questions about this policy? Reach us at kyrylo.holovchenko@gmail.com.