Privacy Policy

Last updated: January 31, 2026

Effective date: January 28, 2026

Provider: Vishal V. Shekkar (individual)

Jurisdiction: India

Contact: [email protected]

The core principle: Murmur is designed with privacy first. Audio transcription happens on your Mac using local models. Your recordings, transcriptions, and settings never leave your computer unless you explicitly choose to use cloud services. We collect minimal anonymous telemetry (app launches and license events only) to understand how many people use Murmur. No personal information, audio, transcriptions, or usage patterns are ever sent.

Quick Links

Overview

Murmur is a voice-to-text application for macOS that respects your privacy. This policy explains what data we collect, how we use it, and what control you have.

In one sentence: We do not collect or transmit any of your personal data. Local transcription, no accounts, no tracking. The only data that leaves your Mac is minimal anonymous telemetry (app launch counts) and license validation.

On-Device Transcription (Local)

When you use Murmur with local transcription models (WhisperKit or NVIDIA Parakeet), your audio never leaves your Mac. Here's what happens:

  • Recording: Audio is captured by your microphone and stored temporarily in memory during transcription.
  • Processing: The audio is transcribed directly on your device using models that run on your Mac's Apple Neural Engine or CPU.
  • Output: Only the text result is kept. The audio file is deleted from memory after transcription (unless you save a recording).
  • Internet: No internet connection is required. Transcription is 100% offline.

Even if you're connected to the internet, your audio is never sent to any server. This is the default behavior and requires no setup.

Data We Store Locally

Murmur stores the following data on your Mac in the application's local directories and macOS's SwiftData system:

Transcription History

  • Transcription text (what you said)
  • Timestamp of the transcription
  • Language detected or specified
  • Which model was used
  • Duration of recording
  • Context metadata (optional, only if extracted with your permission)

Recordings

  • Audio files you choose to save (original recordings)
  • Audio file metadata (format, duration, file size)

Settings

  • Your chosen hotkey combinations
  • Transcription model preferences
  • Language preferences
  • UI theme and layout settings
  • Feature toggles (AI refinement on/off, context extraction on/off, etc.)

API Credentials (Cloud Services Only)

  • If you enable optional cloud services, your API keys are stored in macOS Keychain (encrypted system storage).
  • We never see, log, or transmit your API keys. They remain on your device.

Storage location: Your Mac's Application Support directory and SwiftData's local database. This data is yours and never synced to iCloud or any remote server.

What We Don't Do

To be completely transparent, here's what Murmur does NOT have:

  • No analytics services. We don't use Google Analytics, Mixpanel, Amplitude, or any third-party tracking service.
  • No crash reporting. We don't send crash logs or diagnostics to any server.
  • Minimal telemetry only. We collect anonymous event counts (app launches, license events) to understand how many people use Murmur. No feature usage, button clicks, session length, or behavioral data is tracked. See Anonymous Telemetry below for full details.
  • No profiling. We don't build a profile of your behavior, interests, or usage patterns.
  • No advertising. We don't serve ads or sell ad space.
  • No data sharing. We don't sell, rent, or share your data with third parties (except as required by law).
  • No cloud sync. Your data doesn't sync to the cloud by default.
  • No account required. You don't need to create an account or sign in.
  • No email collection. We don't collect your email address unless you contact us.

This is enforced by design. Murmur is a desktop application that runs entirely on your Mac.

Optional Cloud Services

Murmur includes optional integrations with cloud services. These are disabled by default. You must explicitly enable them and provide your own API credentials. Here's what each service does:

Cloud Transcription (OpenAI)

What gets sent: Your audio file.

When: Only when you explicitly select OpenAI as your transcription engine in settings.

API key: Your own OpenAI API key (stored in Keychain, never sent anywhere except to OpenAI).

Why: OpenAI's Whisper API may offer better accuracy than local models for your use case.

What you control: You can switch back to a local model at any time. Your recordings are stored locally regardless.

Text Refinement (OpenAI, Ollama, Cloudflare)

What gets sent: The transcribed text (not the audio).

When: Only when you enable "AI Refinement" in settings and have configured a refinement provider.

Purpose: To clean up punctuation, remove filler words, or adjust tone.

Providers:

  • OpenAI: Your own API key; text is sent to OpenAI's servers.
  • OpenAI-compatible: You provide a custom endpoint; text is sent there.
  • Cloudflare AI Gateway: Your own API token; text is routed through Cloudflare to the upstream provider you select (OpenAI, Anthropic, Google AI, Azure, Groq, Cohere, Mistral, Perplexity).
  • Ollama: Your local LLM running on localhost; text never leaves your Mac.

Default: AI Refinement is OFF. You must enable it in settings.

Important: You Control Everything

For any cloud service:

  • You provide your own API key or token.
  • You can disable the service at any time.
  • You can switch providers without losing any history.
  • Your recordings are stored locally regardless of which provider you use.

Context Extraction (Local Only)

Murmur can extract context about which app you're using. This helps with AI refinement (e.g., preserving code syntax if you're in an editor). Context extraction is local only and never sent anywhere unless you enable AI refinement with a cloud provider.

What Context Is Extracted

Context Type Extracted From What's Captured Privacy Note
Browser URL Safari, Chrome, Arc, Edge, Brave, Vivaldi, Opera, Orion URL and page title Sensitive URL parameters are filtered out
Editor Context VS Code, Cursor, Xcode, Zed Project name, file name, inferred language File contents are never read
Terminal Directory Terminal.app, iTerm2 Working directory path Command history is never read
Window Title Any app Application name and window title Requires Screen Recording permission

Privacy Filtering

URLs are automatically filtered to remove sensitive query parameters before any storage or use:

  • password, pwd, pass
  • token, auth_token, access_token
  • api_key, apikey, key
  • secret, client_secret
  • session, sessionid, sid
  • Any other common parameter containing secrets

For example: https://mysite.com/login?password=abc123&redirect=home becomes https://mysite.com/login?redirect=home

When Context Is Sent

Context is stored locally and displayed in your transcription history. It is never sent to any external service unless you explicitly enable AI refinement with a cloud provider. If you do:

  • Context is sent along with the transcribed text to your chosen AI provider.
  • The provider uses it to inform refinement (e.g., "This is code, preserve technical terms").
  • You can disable context extraction in settings at any time.

Permissions Required

To extract context, Murmur requires these macOS permissions:

  • Accessibility: To read browser URLs and editor window titles via AppleScript.
  • Screen Recording (optional): To extract window titles from any app using system APIs.

You are prompted for these permissions on first use and can revoke them in System Settings at any time.

Anonymous Telemetry

Murmur collects minimal, anonymous telemetry to help us understand how many people use the app and how often. This data cannot identify you and contains no personal information.

Why We Collect This

As an independent developer, knowing approximate user counts and whether license activation is working correctly is essential for maintaining and improving Murmur. This is the only data we collect, and it tells us nothing about what you do with the app.

What Events Are Sent

Event When It Fires What It Tells Us
app_launched Each time you open Murmur How many people use the app on a given day
license_activated When a license key is first entered How many licenses have been activated
license_validated Periodic background license check That the licensing system is working

Exact Data Sent With Each Event

Every telemetry request contains exactly these fields and nothing else:

Field Example Value Purpose
installation_id 550e8400-e29b-41d4-... Random UUID generated on first launch. Not tied to your name, email, Apple ID, or hardware. Used only to count unique installations.
app_version 1.2.0 Which version of Murmur is running
os_version Version 26.0 Which macOS version is running
event app_launched The event name (one of the three listed above)
date 2026-01-28 The calendar date (no time of day, no timezone)

What Is NOT Sent

  • No audio recordings or transcription text
  • No names, emails, Apple ID, or any account information (Murmur has no accounts)
  • No license keys
  • No IP addresses are stored (the server sees them transiently but does not persist them)
  • No device name, serial number, or hardware identifiers
  • No feature usage, settings, button clicks, or session duration
  • No timestamps more precise than the calendar date

Where It Goes

Events are sent via HTTPS to https://license-murmur.nihil.codes/v1/events, a Cloudflare Worker we operate. Data is stored in a Cloudflare D1 database (SQLite). No third-party analytics services are involved. The server is stateless and does not log IP addresses.

How It Works

The app queues events locally and sends them in batches approximately every 5 minutes. If the network is unavailable, events are stored on your Mac and retried later. Telemetry never interferes with app performance or functionality. If the server is unreachable, the app continues working normally.

Licensing & Validation

Murmur uses Dodo Payments for license validation and activation.

What Gets Sent During Activation

  • License key: The key you purchased or received in your confirmation email.
  • Machine fingerprint: A hardware-based identifier unique to your Mac (includes CPU ID, serial number, etc.). This is privacy-preserving and cannot identify you personally.
  • Device name: The name you assigned to your Mac in System Settings.

What Does NOT Get Sent

  • Your name or email address.
  • Your IP address (only used for rate limiting, never logged).
  • Any usage data, feature usage, or telemetry.

Why This Happens

License validation ensures you've purchased Murmur and prevents sharing keys across multiple Macs. The machine fingerprint allows you to use Murmur on your Mac without needing to enter a key every time you open the app.

Dodo Payments Privacy: Please review Dodo Payments' privacy policy on their website for details on how they handle this data.

Third-Party Privacy Policies

If you enable cloud services or use optional features, your data may be shared with these providers. We do not control how they handle your data. Please review their privacy policies:

Transcription & Refinement Providers

  • OpenAI (if using OpenAI transcription or refinement)
  • Cloudflare AI Gateway (if using Cloudflare-routed refinement)
  • Anthropic (if using Cloudflare + Anthropic)
  • Google AI (if using Cloudflare + Google AI)
  • Microsoft Azure (if using Cloudflare + Azure)
  • Groq (if using Cloudflare + Groq)
  • Cohere (if using Cloudflare + Cohere)
  • Mistral AI (if using Cloudflare + Mistral)
  • Perplexity (if using Cloudflare + Perplexity)

Please review each provider's privacy policy on their website before enabling cloud services.

Local Services (No External Data Sharing)

  • Ollama: Runs on your localhost. No data leaves your Mac.
  • WhisperKit: Open-source. Runs locally. No data collection.
  • NVIDIA Parakeet: Open-source. Runs locally. No data collection.

Licensing & Payment

  • Dodo Payments: Handles license validation and payment processing. Please review their privacy policy on their website.

Security

Local Storage

  • Transcriptions and recordings are stored on your Mac's disk in your user directory (Application Support).
  • macOS file system permissions ensure only your user account can access this data.
  • If your Mac uses FileVault encryption, this data is encrypted at rest.

API Keys & Credentials

  • API keys for cloud services are stored in macOS Keychain, which provides encrypted storage.
  • Keys are never logged, printed, or transmitted except to the intended service.

Audio in Memory

  • During recording and transcription, audio is held in memory.
  • After transcription completes, audio is cleared from memory (unless you explicitly save a recording).

Transport Security

  • All communication with external services uses HTTPS (TLS 1.2 or higher).
  • Certificate pinning is used for critical endpoints to prevent man-in-the-middle attacks.

Server-Side Data

  • Anonymous telemetry events (app launches, license events) are stored in a Cloudflare D1 database. This data contains no personal information and cannot be traced to any individual.
  • License validation data may be retained by Dodo Payments per their retention policy.
  • No audio, transcriptions, settings, or personal data is stored on any server.

Your Rights

Depending on your location, you may have certain rights regarding your data:

Right to Access

You can access all your data: transcriptions, recordings, settings. Simply open Murmur and review your history. All data is on your Mac.

Right to Delete

You can delete any transcription or recording from Murmur's history at any time. You can also delete all data by removing the Murmur application and its data folder.

Right to Portability

Your transcriptions and recordings are stored in standard formats on your Mac. You can export them or access them directly from the Application Support directory.

Right to Opt-Out

You can disable any optional feature:

  • Disable cloud services: Switch to local models in settings.
  • Disable context extraction: Toggle off in settings.
  • Disable AI refinement: Toggle off in settings.

GDPR, CCPA, LGPD Compliance

If you are in the European Union, California, Brazil, or another jurisdiction with privacy laws:

  • Data minimization: We collect only what's necessary for the app to function.
  • Purpose limitation: Data is used only for transcription and local storage.
  • User consent: Cloud services and context extraction require your explicit opt-in.
  • No profiling: We don't profile, track, or target you based on behavior.
  • Data controller: You are the controller of your data (it's on your Mac).

Contact

If you have questions about this privacy policy, your data, or Murmur's privacy practices, please contact us:

We aim to respond to privacy inquiries within 30 days.

Disclaimer: This is a template for informational purposes. Consult with a qualified attorney for legal advice specific to your situation. Privacy laws vary by jurisdiction, and this policy reflects our best understanding as of January 28, 2026. We will update this policy if our practices change.

Last updated: January 31, 2026
Version: 1.1