Privacy Policy

Effective April 19, 2026

OnType is a macOS voice input tool. This policy explains what we collect, why we need it, and what we never touch. We keep the surface small on purpose — the less data we hold, the less there is to lose.

Summary

  • By default, transcription runs locally on your Mac using on-device models. Your audio does not leave the device.
  • If you opt into a cloud speech provider, audio for that session is sent to that provider to be transcribed. We do not store it.
  • We collect the minimum required to run your account, enforce usage limits, and process payments.
  • We do not sell your data and we do not serve advertising.

What we collect

Account data

When you sign in, we receive an account identifier from our authentication service, along with the email you used to sign up. We use this to link your Mac to your subscription and to contact you about your account.

Device identifier

The app generates a stable per-device identifier (a machine_id) for diagnostics and abuse prevention. This value is random and not derived from your hardware serial, name, or any personally identifying field.

Usage metadata

To detect abuse and debug cloud speech reliability, we may store metadata for requests made against cloud speech providers — for example, session identifiers, duration, provider, and timestamps. We do not store the text you dictated or the audio you recorded.

Billing data

Payments are processed by Stripe. We receive a customer reference, a subscription status, and the period your plan covers. We never see your full card number.

Diagnostic logs

The desktop app writes logs to your own Mac at ~/Library/Logs/OnType/. These stay on your machine unless you explicitly send them to support to debug an issue.

Audio and transcribed text

Audio handling depends on the speech backend you pick in settings:

  • On-device (default): audio is captured, transcribed locally on Apple Silicon using MLX, and discarded when the session ends. Nothing is uploaded.
  • Cloud speech provider: audio is streamed to the third-party provider you selected, which returns text. We facilitate the request and record diagnostic metadata. The provider’s own policy governs handling on their side.

Transcribed text is inserted at your cursor and is not stored on our servers. If a feature later introduces history or cloud sync, we will make it opt-in and update this policy before turning it on.

Third-party services

We share the minimum data required for each service to do its job:

  • Stripe — payment processing and subscription management.
  • Cloudflare — hosting and delivery of this website and its API edge.
  • PostHog — privacy-aware product and web analytics for understanding website usage and improving onboarding.
  • Convex — database and server-side functions for accounts, cloud entitlement, and token provisioning.
  • Cloud speech providers (such as Alibaba DashScope and Volcengine) — only engaged when you choose a cloud backend. When engaged, audio from that session is transmitted to that provider to be transcribed.

How we use the data

  • Authenticate your Mac and verify your subscription.
  • Verify Trial or Pro cloud entitlement.
  • Process payments, renewals, and refunds.
  • Respond to support requests you send us.
  • Detect and prevent abuse such as credential sharing and automated scraping.

Retention

  • Account and subscription records are kept while your account exists, and for a short period afterward for tax and accounting reasons.
  • Usage counters roll on a short window (daily or monthly per tier) and are overwritten as they age.
  • Trial device identifiers are kept only long enough to enforce the trial window.

Your rights

You can request a copy of your account data, correct it, or ask us to delete it. To do so, email support@a1d.ai from the address tied to your account. Deleting your account also cancels any associated subscription.

Security

Traffic to our services runs over TLS. Secrets and provider keys live in managed environments and are never bundled into the desktop app. No system is perfectly secure; if we become aware of a breach that affects you, we will notify you without undue delay.

Children

OnType is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has provided us data, please contact us and we will remove it.

International users

Our infrastructure runs on global providers, so data may be processed outside your country. We rely on the safeguards our providers offer for cross-border transfers.

Changes

If we materially change how we handle data, we will update this page and move the effective date forward. Continued use of OnType after the change means you accept the updated policy.

Contact

Questions or requests: support@a1d.ai.