Transcripted processes all audio 100% locally on your Mac. No audio, transcripts, or speaker data is ever sent to external servers. There are no API keys, no cloud services, and no analytics.
Data stored locally:
| Data | Location | Format |
|---|---|---|
| Transcripts | ~/Documents/Transcripted/ |
Markdown |
| Speaker voice fingerprints | ~/Documents/Transcripted/speakers.sqlite |
SQLite |
| Recording statistics | ~/Documents/Transcripted/stats.sqlite |
SQLite |
| Speaker clips | ~/Documents/Transcripted/speaker_clips/ |
WAV |
| Failed queue | ~/Documents/Transcripted/failed_transcriptions.json |
JSON |
| Application logs | ~/Library/Logs/Transcripted/app.jsonl |
JSON Lines |
| Qwen model cache | ~/Library/Caches/models/mlx-community/ |
MLX 4-bit |
Audio recordings are deleted after successful transcription.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | Best effort |
If you discover a security vulnerability, please report it responsibly:
- Do not open a public GitHub issue for security vulnerabilities
- Email your report to the maintainers (open a private GitHub Security Advisory at https://github.com/r3dbars/transcripted/security/advisories/new)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge your report within 48 hours and aim to provide a fix within 7 days for critical issues.
Given that Transcripted is a local-only application, the primary security concerns are:
- Audio capture permissions — ensuring the app only captures audio when the user intends
- Local data protection — transcript and speaker database file permissions
- Model integrity — ensuring downloaded ML models haven't been tampered with
- Memory safety — preventing audio buffer overflows or use-after-free in CoreAudio callbacks
Out of scope: network-based attacks (the app makes no network requests after initial model download).