Privacy Policy

1. Information we collect

We collect the limited information needed to provide the Service:

• Account information: when you create an account we store your email address and authentication identifiers (for example, when you sign in with a password or with Google). Authentication is handled through Convex Auth.
• Content you submit: the audio you dictate and the text you ask us to transcribe, fix, or transform. This content is processed to return a result to you.
• Usage and billing data: your plan, request counts, free-tier usage, and — if you use your own OpenRouter key — the metadata needed to attribute usage and spending.
• Technical and product analytics: basic device, app version, and event data used to keep the Service reliable and improve it.

2. How your dictation and text are processed

When you dictate or run an AI command, your audio or text is sent over an encrypted connection to our backend, which runs on Convex. Our backend forwards the request to an AI provider through OpenRouter, receives the result, and returns it to you.

Audio is processed to produce a transcript and is not retained as part of a long-term profile of you. We do not build advertising profiles from your content.

3. AI providers and “no training on your data”

Dictor routes AI requests through OpenRouter to the model providers we select. Your content is sent to these providers only to generate the result you requested.

Your content is not used to train Dictor’s or our providers’ AI models. We send requests through OpenRouter in a configuration intended to exclude your prompts and inputs from model training. We choose providers and settings with privacy in mind, but the handling of data once it reaches a third-party provider is also governed by that provider’s own terms and privacy policy.

4. Backend and hosting (Convex)

Our application backend, database, and server-side functions run on Convex, our hosting and backend platform. Account data, plan and entitlement records, and the server-side logic that powers the Service are stored and executed there.

We rely on Convex’s infrastructure security and access controls. Convex acts as a processor of the data we store with it on our behalf.

5. Payments

Paid plans are handled by third-party payment processors (for example, Stripe on desktop/web and the app stores or RevenueCat on mobile). If you use your own OpenRouter API key, billing for that usage is handled directly by OpenRouter.

We do not store your full payment card numbers. Payment processors handle card data under their own security standards and privacy policies.

6. API keys you provide (BYOK)

If you bring your own AI provider key, the desktop app stores that key in your operating system’s secure keychain on your device — not in our database and not in browser local storage. It is used only to make requests you initiate.

7. Analytics

We use privacy-conscious product analytics to understand how the Service is used and to fix problems. We use this data in aggregate to improve the product, not to identify you personally beyond what is needed to operate your account.

8. How we use information

We use the information we collect to:

• Provide, maintain, and secure the Service, including transcription and AI commands.
• Manage your account, plan, free-tier limits, and any promotions.
• Process payments and, for BYOK users, attribute usage and spending.
• Detect, investigate, and prevent illegal activity, abuse, fraud, or violations of our Terms.
• Communicate with you about service, security, and important changes.
• Improve and develop new features.

9. Sharing and third parties

We do not sell your personal information. We share data only with the service providers that make Dictor work — such as Convex (backend and database hosting), OpenRouter and the AI model providers it routes to (to process your requests), payment processors (to handle billing), and analytics providers — and only as needed to operate the Service.

We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, and security of Dictor, our users, or the public.

10. Data retention

We keep account and billing records for as long as your account is active and as needed to comply with our legal obligations, resolve disputes, and enforce our agreements. Dictated content is processed to return your result and is not retained to build a profile of you. When you delete your account, we delete or anonymize the personal data associated with it, subject to limited records we may need to keep for legal or accounting reasons.

11. Security

We use encryption in transit, secure cloud infrastructure, and on-device secure storage for API keys to protect your information. No method of transmission or storage is completely secure, so while we work hard to protect your data, we cannot guarantee absolute security.

12. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can manage your account from within the app, and you can contact us to exercise these rights. We will respond consistent with applicable law.

13. International data transfers

Dictor and our providers may process and store data in countries other than your own. Where we transfer data internationally, we rely on appropriate safeguards required by applicable law.

14. Children

Dictor is not directed to children and is not intended for use by anyone under the age required by the laws of their country (generally 13, or higher where local law requires). We do not knowingly collect personal data from children.

15. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised Policy.

16. Contact us

If you have questions about this Policy or your data, please email us at support@dictor.io and we will be happy to help.