Privacy Policy

Last updated: 16. April 2026 · GDPR-compliant

1. Who we are

Benedikt Rapp("we", "us") operates the TalkIsCheap macOS application and the website talkischeap.app. You can reach us at benedikt.rapp@me.com.

2. What data we collect

2.1 When you purchase a license

• Email address (for delivering your license key and support)
• Stripe customer ID (to manage your subscription)
• Country (derived from payment, for tax purposes)

Payment details (credit card, bank info) are processed exclusively by Stripe and never reach our servers.

2.2 When you use the app

• Hardware ID (a hash of your machine UUID) — to bind your license to your device
• Usage events (transcribe/polish/search counts per day) — for quota enforcement and internal analytics
• Trial usage counter

2.3 What we DO NOT collect

• ❌ Your audio recordings — they are streamed through our proxy and never stored
• ❌ Your transcribed text — we never see or save what you dictate
• ❌ Your polished outputs
• ❌ Your IP address (beyond minimal ephemeral request logs)
• ❌ Any browsing behavior, dictation history, or personal content

3. Cloud providers

When you use the Pro subscription (proxy mode), your audio/text transits:

• Groq Inc. (speech recognition) — U.S.A.
• Anthropic PBC (text polishing) — U.S.A.
• Brave Software (voice search) — U.S.A.

All three providers are contractually required to not retain your content beyond request processing. Transit is encrypted with TLS 1.3.

If you prefer 100% local processing, use Bring-Your-Own-Keys or Offline Mode — no data leaves your computer.

4. Where your data lives

• Database: Neon (PostgreSQL), currently hosted in the U.S.A. We are migrating to the EU region.
• Payments: Stripe, Ireland (EU)
• Emails: Resend, U.S.A.
• Hosting: Vercel, edge-network with EU presence

5. Your rights (GDPR)

You have the right to:

• Access all data we hold about you (Art. 15 GDPR)
• Correct inaccurate data (Art. 16 GDPR)
• Have your data deleted (Art. 17 GDPR — "right to be forgotten")
• Receive your data in a portable format (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)
• Withdraw consent at any time
• File a complaint with a supervisory authority

To exercise any right, simply email us at benedikt.rapp@me.com. We respond within 72 hours.

6. Data retention

• License & payment records: kept as long as the license is active + 10 years (legal requirement for tax records)
• Usage events: kept for 24 months, then anonymized for analytics
• Server request logs: 7 days

7. Cookies

Our website uses only essential cookies for checkout and authentication. No tracking cookies, no analytics cookies, no third-party ad cookies.

If Meta Pixel is enabled for paid campaigns, you will be asked for consent on your first visit.

8. Security

• All data is encrypted in transit (TLS 1.3)
• Passwords and secrets are never stored in plaintext
• License keys are HMAC-signed
• API credentials are encrypted at rest

9. Changes to this policy

We may update this policy occasionally. Material changes will be announced via email to all registered users.

Questions? Email benedikt.rapp@me.com.