SaidVault is local-first by design. Your audio, your transcripts, and the metadata around them stay on your device. This policy explains what limited information we do handle — purchase data, licence keys, support emails — and what your rights are under the GDPR and equivalent laws.
1. Data controller
The data controller for the limited personal data described below is:
Maciej Klunder (sole trader, trading as SaidVault)
Warsaw, Poland
Email: support@saidvault.com
2. Core privacy principle
Your recordings, your transcripts, and your conversation content never leave your computer because of SaidVault.
Transcription runs entirely on your Mac using a Whisper model that has been downloaded to your device. We do not operate a transcription cloud. We do not see, store, or have any way to access:
- The audio or video files you transcribe.
- The text of your transcripts, voice notes, or dictation captures.
- Your search queries inside the app.
- Speaker names or any annotations you add.
- Your contacts, photos, microphone input outside an active recording, location, or camera feed.
3. What is stored locally on your Mac
SaidVault keeps the following data on your device only. None of it is transmitted to us.
- Library database: the SQLite file that holds your transcripts, voice notes, history, and segment timestamps. Default location:
~/Library/Application Support/SaidVault/ - Whisper models: the model files you have downloaded (Tiny / Base / Small / Medium / Large).
- Cached licence state: your licence key and the Ed25519-signed licence token, so the app works offline between checks.
- Preferences: language, default model, dictation shortcut, theme.
- Diagnostic logs: recent app logs that you can inspect locally for troubleshooting.
- Exports: any TXT, PDF, or SRT files you have exported, in the location you chose.
You can delete all SaidVault data at any time by quitting the app and removing its Application Support folder.
4. Internet connections SaidVault makes
SaidVault is offline-capable for transcription. It only contacts the network for the following purposes:
| Purpose | What is sent | Where it goes |
|---|---|---|
| Activate licence | Licence key, anonymous device identifier, app version | Our licence server (Cloudflare Worker, EU edge) |
| Verify licence on startup | Licence key, device identifier | Our licence server |
| Deactivate licence | Licence key, device identifier | Our licence server |
| Download a Whisper model | Standard HTTPS download request | Hugging Face / model host |
| URL-based transcription | Standard HTTPS request to the URL you paste | The host you specified |
| Update check | Current app version | Our update endpoint |
| Checkout (website only) | Email address, payment details, country | Stripe |
Transient network errors during a verify check are tolerated — SaidVault does not lock you out for being offline. The app only reverts to trial mode if our server explicitly returns revoked: true for your key (see Section 9).
5. Data we hold about you (purchase & licensing)
When you buy a licence, we and our payment processor handle a small amount of personal data:
- Email address — needed to deliver your licence key and provide support.
- Country / billing region — used for payment processing, consumer-rights handling, accounting, and any tax records we are legally required to keep.
- Licence key issued to you (format
SV-XXXX-XXXX-XXXX-XXXX), the date issued, and the activation status (active, refunded, revoked). - Anonymous device identifier(s) for any device on which the licence has been activated. This is a hashed value derived from local OS attributes and is not, by itself, personally identifiable.
- Stripe customer / payment-intent ID referencing your purchase. We do not store card numbers.
- Support correspondence you send us, kept for as long as needed to handle the request and any reasonable follow-up.
6. Legal basis (GDPR Art. 6)
- Performance of a contract (Art. 6(1)(b)) — for processing your purchase, issuing and verifying your licence key, providing the download, and delivering email support.
- Legal obligation (Art. 6(1)(c)) — for retention of invoice and tax records as required by Polish and EU law.
- Legitimate interest (Art. 6(1)(f)) — for fraud prevention (e.g. blocking duplicate or stolen licence keys) and for keeping the licence server secure. Our legitimate interest does not override your rights.
7. Service providers we rely on
We use a small number of carefully chosen processors. Each is contracted under standard data-processing terms.
- Stripe — payment processing. Stripe handles card data on its own infrastructure under PCI-DSS. See stripe.com/privacy.
- Cloudflare — hosts the licence server (Cloudflare Workers + D1) at the EU edge. See cloudflare.com/privacypolicy.
- Zoho ZeptoMail — sends transactional licence-key and admin login emails. See zoho.com/privacy.html.
- Hugging Face (or equivalent model host) — only when you choose to download a Whisper model. We do not share your account data with them; the request is a standard HTTPS download from your machine.
Where processing involves transfers outside the EEA (for example, Stripe’s global infrastructure), the transfer is covered by the Standard Contractual Clauses or equivalent safeguards.
8. How long we keep data
- Licence records (key, email, activation status, purchase reference): kept for as long as the licence is active and for up to 5 years after the last activity, in line with Polish accounting and tax retention requirements.
- Invoices & payment records: 5 years from the end of the tax year in which they were issued, as required by law.
- Support emails: typically up to 24 months unless ongoing.
- Server access logs: short-lived (days to weeks) for security and abuse prevention.
9. Refunds, chargebacks, and key revocation
If you receive a refund or your bank reverses the charge, your licence key is automatically marked as revoked on our licence server. The next time SaidVault checks the key, it returns to trial mode. We treat the revocation as a contractual consequence of the refund, not a separate decision about your data.
10. Your rights under GDPR
If you are in the EU/EEA (or somewhere with equivalent rights, e.g. the UK GDPR), you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data (e.g. update the email address attached to a licence).
- Erasure (“right to be forgotten”), subject to our legal retention obligations for invoices.
- Restrict processing in certain circumstances.
- Data portability — receive your data in a structured, commonly used format.
- Object to processing based on legitimate interests.
- Withdraw consent, where consent is the basis (it generally is not — most processing is contractual).
To exercise any of these rights, email support@saidvault.com from the address attached to your licence. We respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. In Poland that is the President of the Personal Data Protection Office (UODO) — uodo.gov.pl.
11. Children
SaidVault is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it.
12. Cookies & analytics
The SaidVault desktop application does not use cookies. The marketing website does not use third-party analytics or advertising trackers, and does not set non-essential cookies.
13. Security
Licence tokens are signed with Ed25519 keys we control and verified by the licence system. Network traffic to our licence server is HTTPS-only. The licence server runs on Cloudflare Workers with D1 storage at the EU edge. No system is perfectly secure, but we treat the limited data we hold with appropriate care.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the “Last updated” date at the top of the page. Continued use of SaidVault after changes take effect indicates acceptance of the updated policy.
15. Contact
Questions about this policy or about your data?
Maciej Klunder
Warsaw, Poland
Email: support@saidvault.com