Privacy Policy

Your privacy is our priority. Learn how we handle your data.

Last Updated: November 15, 2024

Website https://hands-off.xyz

Contact support@hands-off.xyz

Introduction

HandsOff is a voice dictation application for macOS that prioritizes your privacy. This Privacy Policy explains how HandsOff handles your data.

TL;DR: We don't collect, store, or transmit any of your personal data. HandsOff has no backend servers, no analytics, and no tracking.

Information We Do NOT Collect

HandsOff does not collect, store, or transmit:

  • ❌Your voice recordings
  • ❌Your transcribed text
  • ❌Your OpenAI API keys
  • ❌Usage statistics or analytics
  • ❌Device information
  • ❌Personal information
  • ❌Location data
  • ❌Crash reports (unless you explicitly choose to send them)

How HandsOff Works

All HandsOff data is stored locally on your Mac:

πŸ”‘

OpenAI API Key

  • Where:macOS Keychain (system-level encrypted storage)
  • Access:Only HandsOff can access it, only on your Mac
  • Transmission:Sent directly to api.openai.com only when you use OpenAI mode
  • Our access:We cannot see or access your API key
πŸ“š

Transcription History

  • Where:Local JSON file at ~/Library/Application Support/HandsOff/transcriptions.json
  • Access:Only you and HandsOff on your Mac
  • Transmission:Never sent anywhere
  • Our access:We cannot see your transcription history
🎡

Audio Recordings

  • Where:Temporary memory buffer during recording
  • Retention:Deleted immediately after transcription
  • Transmission:Only to OpenAI API (if using OpenAI mode) or processed locally (if using Local mode)
  • Storage:Never permanently stored on disk
βš™οΈ

Application Settings

  • Where:~/Library/Application Support/HandsOff/settings.json
  • Content:Preferences like hotkeys, language selection, audio settings
  • Transmission:Never sent anywhere

Two Operating Modes

OpenAI Mode

When you use OpenAI Whisper API:

  1. You provide your own OpenAI API key
  2. Audio is sent directly from your Mac to api.openai.com
  3. The request includes your API key (from Keychain)
  4. OpenAI processes the audio and returns transcribed text
  5. Text is displayed and optionally saved to local history

Data flow: Your Mac β†’ OpenAI servers (via HTTPS)

What HandsOff doesn't see: We have no servers between you and OpenAI. We cannot intercept or access your audio or transcriptions.

OpenAI's Privacy Policy: When using OpenAI mode, OpenAI's privacy policy applies to data sent to their API. As of November 2024, OpenAI does not use API data for training.

Local Mode (whisper.cpp)

When you use Local whisper.cpp:

  1. Audio is processed entirely on your Mac
  2. No internet connection required (after initial model download)
  3. No data is sent to any servers
  4. 100% offline transcription

Data flow: Your Mac only (no external transmission)

Network Usage

HandsOff uses network access only for:

Required

1. OpenAI API requests (only if you use OpenAI mode)

  • β€’ Destination: api.openai.com
  • β€’ Content: Audio file + your API key + optional prompt/language parameters
  • β€’ Frequency: Each time you use voice dictation in OpenAI mode

2. Local model download (one-time, if you use Local mode)

  • β€’ Destination: Hugging Face CDN (huggingface.co)
  • β€’ Content: Request for whisper model file (~1.5 GB)
  • β€’ Frequency: Once, when you first enable Local mode

NOT Used For

  • ❌Analytics or tracking
  • ❌Crash reporting (unless you explicitly send a report)
  • ❌License validation
  • ❌Software updates (handled by macOS App Store)
  • ❌Advertisement
  • ❌Communication with our servers (we don't have any)

Third-Party Services

OpenAI (Optional)

If you choose to use OpenAI mode:

  • β€’ You are using OpenAI's Whisper API with your own API key
  • β€’ OpenAI's privacy policy applies to data sent to their API
  • β€’ OpenAI API data usage: https://openai.com/policies/api-data-usage-policies
  • β€’ As of November 2024, OpenAI does not use API data for model training

No Other Third Parties

HandsOff does not use:

  • ❌Analytics services (Google Analytics, Mixpanel, etc.)
  • ❌Crash reporting services (Sentry, Crashlytics, etc.)
  • ❌Advertisement networks
  • ❌Social media SDKs
  • ❌Any other third-party services

Data Security

Your Data is Secure Because:

1. No Backend Servers

We cannot be hacked because we have no servers. We cannot have a data breach because we don't collect data.

2. macOS Security Features

  • β€’ API key stored in macOS Keychain (encrypted, system-level)
  • β€’ App runs in macOS Sandbox (isolated from other apps)
  • β€’ All network requests use HTTPS

3. Local Storage

  • β€’ Transcription history stored in your user directory
  • β€’ Protected by macOS file permissions
  • β€’ Not accessible to other applications

4. Open Architecture

  • β€’ You can inspect network traffic (no hidden requests)
  • β€’ Data flow is transparent and documented

Your Rights and Control

You Have Full Control:

1. API Key Management

  • β€’ Add, update, or remove your OpenAI API key at any time
  • β€’ Key is deleted from Keychain if you remove it in settings

2. Transcription History

  • β€’ View all saved transcriptions
  • β€’ Search and filter history
  • β€’ Export history to Markdown or plain text
  • β€’ Clear all history with one click or disable history saving entirely

3. Audio Data

Audio is deleted immediately after transcription. No long-term storage of voice recordings.

4. Mode Selection

Switch between OpenAI and Local mode at any time. Use Local mode for 100% offline operation.

5. Data Portability

  • β€’ All data is in standard formats (JSON, text)
  • β€’ Easy to export and migrate
  • β€’ No proprietary lock-in

6. Complete Removal

Uninstall HandsOff to remove all data. Data locations:

  • β€’ ~/Library/Application Support/HandsOff/
  • - ~/Library/Application Support/HandsOff/
  • - macOS Keychain (search for 'HandsOff')

Children's Privacy

HandsOff is not directed at children under 13. We do not knowingly collect any information from children. If you are under 13, please do not use HandsOff.

International Users

HandsOff can be used worldwide. All data processing happens on your local Mac. When using OpenAI mode, your data is transmitted to OpenAI's servers (located in the United States). By using OpenAI mode, you consent to this data transfer.

GDPR Compliance (EU Users)

HandsOff is GDPR-compliant by design:

  • β€’ No personal data collection: We don't collect personal data, so GDPR data processing requirements don't apply
  • β€’ No data controller: We don't control or process your data
  • β€’ Your data stays with you: All data is local to your device
  • β€’ Right to erasure: Delete HandsOff and all data is gone
  • β€’ Data portability: Export your history at any time

CCPA Compliance (California Users)

HandsOff does not sell personal information because we don't collect it.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at https://hands-off.xyz/privacy with an updated 'Last Updated' date.

If we make material changes, we may notify users through the application or email (if we have your contact information).

Continued use of HandsOff after changes constitutes acceptance of the updated policy.

Website Privacy (hands-off.xyz)

Our website https://hands-off.xyz may use:

Cookies

  • β€’ Essential cookies: For basic website functionality (if any)
  • β€’ Analytics cookies: We may use privacy-friendly analytics (like Plausible or Umami) that don't use cookies or collect personal data

Analytics

If we use analytics, we use privacy-friendly services that:

  • β€’ Don't use cookies
  • β€’ Don't collect personal information
  • β€’ Don't track users across websites
  • β€’ Provide only aggregate statistics

We do not use Google Analytics, Facebook Pixel, or similar tracking tools.

Contact Us

If you have questions about this Privacy Policy or HandsOff's privacy practices:

Email: support@hands-off.xyz

Website: https://hands-off.xyz

We will respond to privacy inquiries within 30 days.

Technical Details for Security Researchers

For those interested in the technical implementation:

Data Flow Architecture

[User's Mac]
    ↓
[HandsOff App]
    ↓
[Local Storage] ← History, Settings
    ↓
[macOS Keychain] ← API Key
    ↓
[User Choice]
    ↓
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
↓                ↓                ↓
[OpenAI API]     [Local whisper.cpp]
(HTTPS)          (No network)

Entitlements Used

HandsOff uses the following macOS entitlements:

  • β€’ com.apple.security.app-sandbox - Standard sandbox
  • β€’ com.apple.security.device.audio-input - Microphone access
  • β€’ com.apple.security.network.client - Network (for OpenAI API)
  • β€’ com.apple.security.automation.apple-events - Text insertion
  • β€’ com.apple.security.files.user-selected.read-only - Export functionality

Open Source Components

HandsOff uses whisper.cpp (MIT License) for local transcription. This component runs entirely on your device and does not transmit data.

Summary

What HandsOff Collects:

Nothing.

Where Your Data Goes:

  • β€’ Local mode: Nowhere (stays on your Mac)
  • β€’ OpenAI mode: Directly to OpenAI (with your API key)

Can We Access Your Data?

No. We have no backend servers and no way to access your data.

Can You Delete Your Data?

Yes. All data is localβ€”delete the app or clear history in settings.

Privacy is not a feature. It's our foundation.

This privacy policy is effective as of November 15, 2024.

HandsOff Β© 2024-2025. All rights reserved.

Privacy Policy - HandsOff | HandsOff