Privacy Policy

Effective date: May 12, 2026. See the changelog at the bottom of this page for what changed.

1. Who we are

WhisprDesk is a Mac dictation application and a product of RBJ Global LLC, a Texas limited liability company (“WhisprDesk,” “we,” “us”). You can reach us at [email protected].

2. Our design principle

WhisprDesk is a local-first application. Your audio and its transcriptions are processed on your device and stored on your device. We do not operate a server that receives, stores, or processes your audio or text. Third-party services we rely on are limited to payments (Lemon Squeezy), website hosting (Cloudflare), and (only if you explicitly configure them) the AI provider whose API key you enter into the app (OpenAI, Anthropic, Google).

3. Information we collect

3.1 Information that stays on your device

The following data is stored locally on your Mac and is never transmitted to us:

• Audio recordings (temporary, deleted after transcription)
• Transcribed text and transcription history
• Custom dictionary entries
• App settings and preferences
• Uploaded audio files you transcribe
• API keys for BYOK AI providers
• Your license key and activation state

3.2 Information we receive indirectly

When you purchase a license, Lemon Squeezy (our merchant of record) collects your email address and billing details, processes your payment, and issues a license key. We receive the minimum information necessary to fulfill your purchase: your email address and license key. We do not receive your card number, billing address, or other payment data.

3.3 Information you send to third-party AI providers

If you enable the optional AI cleanup or agent features, your transcribed text is sent directly from your Mac to the AI provider whose API key you configured (OpenAI, Anthropic, or Google). Those requests are governed by the provider's own privacy policy, not ours. WhisprDesk does not proxy, inspect, log, or store these requests.

3.4 Website analytics

Our website (whisprdesk.com) is hosted on Cloudflare Pages. Cloudflare may log basic request metadata for security and reliability purposes (IP address, user agent, request time).

We do not operate any analytics, tracking pixels, or advertising cookies on the marketing website. No Google Analytics, no Meta Pixel, no LinkedIn Insight Tag, no third-party measurement of any kind. The WhisprDesk desktop app is also not instrumented and does not phone home. See our Cookies page for the full breakdown.

Follow on LinkedIn link. This site includes a link to our LinkedIn company page. We do not load LinkedIn scripts, set LinkedIn cookies, or track visitors on this site. If you click the link, LinkedIn opens in a new tab and LinkedIn's own privacy practices apply once you are there.

4. How we use information

We use the limited information we receive to:

• Validate your license key when the app starts
• Respond to support inquiries you send us
• Notify you of critical updates to the software or terms
• Comply with legal obligations

We do not use your information for advertising, behavioral tracking, or training AI models.

5. Data retention

Data stored locally on your Mac remains there until you delete it or uninstall WhisprDesk. We retain your email address and license activation records for as long as your license is active, plus a reasonable period afterward for bookkeeping and legal purposes (typically up to seven years, consistent with U.S. federal tax and accounting record-keeping practice; the IRS recommends three to seven years depending on the situation).

6. Data security

We implement reasonable technical and organizational measures to protect the limited data we receive. Your API keys are stored on your Mac using the operating system's secure storage APIs. Our website is served over TLS. No system is perfectly secure; we cannot guarantee absolute security, and we minimize the data we hold so there is little to secure in the first place.

7. Your rights

Depending on where you live, you may have rights under privacy laws including the Texas Data Privacy and Security Act (TDPSA), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the EU and UK General Data Protection Regulation (GDPR/UK GDPR), and similar US state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA). These may include the right to:

• Confirm whether we process personal information about you and access it
• Correct inaccurate information
• Request deletion of your personal information
• Obtain a portable copy
• Opt out of targeted advertising, sale of personal information, or profiling that produces legal or similarly significant effects
• Object to or restrict certain processing (GDPR/UK GDPR)
• Lodge a complaint with a data-protection authority in your jurisdiction

Sale and sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA, and we do not engage in targeted advertising as defined under the TDPSA, VCDPA, CPA, CTDPA, or UCPA. We also do not engage in profiling that produces legal or similarly significant effects.

How to exercise your rights. Email [email protected] from the address on your license. We will acknowledge within ten days and respond within forty-five days, with a one-time forty-five-day extension if the request is complex (TDPSA / CCPA / VCDPA standard). You may appeal a refusal by replying to our response email; we will respond to the appeal within sixty days.

8. Children's privacy

WhisprDesk is not directed at children under thirteen years old (or, in the European Economic Area and the United Kingdom, under the age set by the relevant member state, which ranges from thirteen to sixteen). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us and we will delete it.

9. International data transfers

If you are located outside Texas, USA, understand that the limited information we receive (primarily your email and license state) may be processed on servers in Texas, USA or other jurisdictions. By purchasing or using WhisprDesk, you consent to this transfer.

Where required by law, we rely on the data-transfer mechanisms our sub-processors (Lemon Squeezy, Cloudflare) make available, including the European Commission's Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable. We do not target the EU/EEA or UK market and do not maintain a representative under GDPR Article 27.

10. Third-party services we rely on

• Lemon Squeezy: payments and licensing. See lemonsqueezy.com/privacy.
• Cloudflare: website hosting and DNS. See cloudflare.com/privacypolicy.
• Apple: software distribution, code signing, and notarization. See apple.com/legal/privacy.
• OpenAI / Anthropic / Google: only if you explicitly configure a BYOK API key and enable optional AI features. Each provider has its own privacy terms; WhisprDesk is not a party to that relationship.

11. Cookies and similar technologies

Our marketing website sets no analytics or advertising cookies. Cloudflare may set a small number of functional cookies necessary for website security and caching; those are required to deliver the site. The WhisprDesk desktop application does not use cookies. Full breakdown on our Cookies page.

12. Future changes to these practices

We currently collect no visitor data on this site. If our practices change in the future, we will update this policy with a new effective date and clear disclosure of what changed. In particular, if we ever add analytics or marketing measurement, we will update this policy first, deploy any consent mechanism required for your jurisdiction, and describe specifically what is collected and why. We commit to updating before changing, not after.

13. Changes to this policy

We may update this Privacy Policy as the app evolves. The effective date at the top reflects the last revision. For material changes, we will attempt to notify existing license holders by email. Your continued use of WhisprDesk after an update indicates your acceptance of the updated policy.

14. Contact us

Questions about this policy or your data? Email [email protected].

Changelog

• 2026-05-12. Added a Follow on LinkedIn link disclosure to section 3.4. Non-material: we still do not load LinkedIn scripts, set LinkedIn cookies, or track visitors on this site. The link is a styled anchor that opens LinkedIn in a new tab.
• 2026-05-07. Removed our postal mailing address from sections 1 and 14; contact remains by email at [email protected].
• 2026-05-02. Renamed the contracting entity from RBJ Global Trading LLC to RBJ Global LLC (sections 1 and contact). Split contact addresses: privacy and DSAR traffic now goes to [email protected] (sections 1, 7, 14); refund traffic continues to [email protected]. Expanded section 7 to name the Texas Data Privacy and Security Act, the CPRA, the UK GDPR, and similar US state laws (VCDPA, CPA, CTDPA, UCPA), and added the explicit "we do not sell or share" declaration. Softened section 9 (international transfers) to describe sub-processor mechanisms rather than asserting we have signed Standard Contractual Clauses ourselves, and disclosed that we do not maintain a representative under GDPR Article 27.
• 2026-05-02. Added section 12 (Future changes to these practices) committing to publish any change to our data practices in this policy before it ships, with consent mechanisms where the law of your jurisdiction requires them.
• 2026-05-01. Removed Google Analytics from the marketing site and restored the no-analytics, no-cookies posture (sections 3.4 and 11).
• (prior). Initial publication.