Security Overview
Last updated: May 9, 2026
Available on: Mac, Windows, iOS, Android
Wispr Flow protects your dictation with encryption, privacy controls, and enterprise-grade compliance options. This overview covers how your data is secured, what privacy settings you can configure, and which controls are available on each plan.
What it is
Security in Wispr Flow spans three layers: how your voice and transcripts are encrypted in transit and at rest, what privacy controls you can configure as a user, and what policies your organization can enforce on an Enterprise plan. Together they let individuals control their data and let admins meet compliance requirements like HIPAA and Zero Data Retention.
How it works in Flow
Overview
Security is built into every layer of Wispr Flow — from how your voice is transmitted, to how transcripts are stored, to how organizations enforce policy. The engineering team follows secure development practices, including code reviews, security testing, and regular updates.
Key behaviors
Encryption in transit: All data is protected with industry-standard TLS/HTTPS encryption.
Encryption at rest: Stored data is protected through infrastructure-level security controls.
Credential security: Authentication tokens are stored in the app's secure local storage and validated on each session.
Session management: Tokens are checked against their expiry time, and sessions refresh automatically through our authentication provider.
Policy enforcement: Enterprise policies (such as Zero Data Retention and local data deletion) are enforced on client devices, not just configured server-side.
Monitoring: Real-time error monitoring and tracing across all platforms support rapid incident response.
PII protection in monitoring: Backend error events are stripped of sensitive data (authorization tokens, cookies, request bodies, email addresses, and names) before transmission. Only anonymized identifiers are retained.
Privacy controls
Wispr Flow offers Privacy Mode (Zero Data Retention) on Desktop, iOS, and Android. When enabled, none of your dictation data is stored or used for model training by Wispr or any third party.
Enabling Privacy Mode: Open Settings → Data & Privacy on Desktop, iOS, or Android. On Android, you can also select Privacy Mode during onboarding.
Default state: Privacy Mode is off by default. When off, dictation data may be used to improve Wispr Flow.
Context Awareness (Desktop): A toggle in Settings → Data & Privacy controls whether Flow uses on-screen context to improve transcription accuracy. Enabled by default.
HIPAA BAA: Healthcare customers can sign the HIPAA Business Associate Agreement in-app on Desktop and iOS, which permanently locks Privacy Mode on. Enterprise users may be directed to their organization's admin portal to sign.
Enterprise ZDR lock: If your organization enforces Zero Data Retention, Privacy Mode is locked on and cannot be disabled by individual users.
iOS system integrations: Note content is indexed in Spotlight, and Siri Shortcuts can create notes by voice but cannot read existing note content. For HIPAA users, Spotlight indexing, Siri Shortcuts, note syncing, and AI summaries are disabled by default.
Data storage controls (Desktop)
In Settings → Data & Privacy, the Data Storage dropdown controls how transcripts and polish history are stored locally:
Store data locally: Keeps transcripts as usual (default).
Auto-delete local data every 24 hours: Removes transcripts and polish history older than 24 hours. Cleanup runs on a daily schedule, so transcripts may persist slightly longer than 24 hours until the next run.
Never store data locally: Immediately deletes existing transcripts and polish history, and prevents future local storage.
Switching to a more restrictive option shows a confirmation prompt before the change takes effect. Switching back to "Store data locally" applies immediately. When storage is disabled, the History page shows a message explaining why it is empty.
Warning: Selecting "Never store data locally" immediately deletes your existing transcripts and polish history. This cannot be undone.
Note: The Data Storage dropdown is currently available on Desktop only. Android offers a Privacy Mode toggle today, with additional controls coming soon.
Enterprise security
Enterprise plan administrators configure these controls through the admin portal — not within the desktop app:
SSO/SAML: Single sign-on via WorkOS, supporting both SP-initiated and IdP-initiated flows. SSO can be enforced so non-SSO login methods are blocked for your domain. Requires an active enterprise subscription — if it lapses, non-SSO login methods are temporarily re-enabled.
SCIM provisioning: Automated user provisioning through your identity provider (e.g., Okta, Azure AD). SCIM-managed domains block self-registration.
Zero Data Retention (ZDR): Enforce Privacy Mode across all team members.
Local data policy: Set a minimum data restriction level for the organization. If set to "Never store data locally," the user setting is fully locked. If set to "Auto-delete," users can choose that option or the more restrictive "Never store," but cannot choose "Store data locally." The dropdown shows a note that the option is managed by your organization.
Context Awareness policy: Disable Context Awareness for the entire organization. When disabled, each user's toggle is turned off and locked, with a message indicating the setting is managed by the organization.
IP allowlist: Restrict access to specific IPv4 or IPv6 addresses or ranges. Configured under Network Access in the admin portal. A safeguard prevents saving a configuration that would lock out the admin. On desktop (Mac and Windows), if a user connects from a network not on the approved list, Flow signs them out and shows a "Your network isn't allowed" screen. Dictation and all other Flow features are paused until the user reconnects from an approved network and selects Retry, or selects Sign Out to return to the login screen.
HIPAA BAA: In-app Business Associate Agreement signing for healthcare compliance.
Domain-based auto-add: Automatically add new users with a matching company email domain to your enterprise plan.
Domain access restriction: Optionally block login for users with your company email domain who are not members of your enterprise. Requires an active enterprise subscription — if it lapses, the restriction is temporarily lifted. If the restriction check fails with an unexpected error, login is permitted rather than blocked, so an error cannot lock users out.
Policy resilience: Enterprise security policies remain enforced even when the device is temporarily offline. Cached policies are preserved until the server explicitly confirms a membership change.
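To illustrate the IP allowlist behaviour described above (IPv4/IPv6 addresses or ranges, the admin-lockout safeguard, and the client-side approved-network check), here is an added example using Python's standard ipaddress module; it is not Wispr Flow's own code. The entry format, the function names, and the assumption that an empty allowlist means "no restriction" are all illustrative choices, not documented product behaviour.

```python
import ipaddress

# Constructed example, not Wispr Flow's code. Models three pieces of the
# IP allowlist feature: parsing entries, deciding whether a client's
# network is approved, and refusing to save a list that would lock out
# the admin who is saving it.


def parse_allowlist(entries):
    """Parse IPv4/IPv6 addresses or CIDR ranges; reject anything else."""
    networks = []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue
        try:
            # strict=False accepts host bits, so "10.0.0.1/24" means
            # the containing /24 rather than raising.
            networks.append(ipaddress.ip_network(text, strict=False))
        except ValueError as exc:
            raise ValueError(f"invalid allowlist entry {text!r}: {exc}") from exc
    return networks


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allowlisted address or range.

    Assumption: an empty allowlist means the restriction is not configured.
    Mixed families are safe: an IPv4 address is never "in" an IPv6 network.
    """
    if not networks:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def validate_allowlist(entries, admin_ip):
    """Admin-portal save check: return parsed networks, or raise if the
    new list would exclude the admin's own current address."""
    networks = parse_allowlist(entries)
    if not is_allowed(admin_ip, networks):
        raise ValueError(
            f"refusing to save: admin address {admin_ip} is not in the allowlist")
    return networks


def client_network_state(client_ip, networks):
    """Client-side outcome: 'allowed' keeps Flow running; 'blocked' is the
    case where Flow signs the user out and pauses dictation."""
    return "allowed" if is_allowed(client_ip, networks) else "blocked"
```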
Compliance and certifications
HIPAA: In-app BAA signing available on Desktop and iOS.
Zero Data Retention: Enforcement available for enterprise customers.
SSO/SAML: With enforcement options.
SCIM provisioning: For automated user management.
SOC 2 Type II and ISO 27001: Certifications in progress.
Third-party audits: Regular audits to verify security controls.
For more detail, see the other Security & Compliance articles or visit the Data Controls page.
FAQs
Is my voice data used to train AI models?
With Privacy Mode enabled, none of your dictation data is stored or used for model training by Wispr or any third party.
Does Wispr Flow support HIPAA compliance?
Yes. Healthcare customers can sign the HIPAA Business Associate Agreement in-app on Desktop and iOS, which permanently enables Privacy Mode.
What enterprise security features are available?
Enterprise plans include SSO/SAML, SCIM provisioning, Zero Data Retention enforcement, local data policies, Context Awareness policy, IP allowlist, domain-based auto-add, and domain access restriction.
How do I control how my transcripts are stored locally on Desktop?
Open Settings → Data & Privacy and use the Data Storage dropdown. Choose to store data locally (default), auto-delete every 24 hours, or never store data locally. If your organization manages this setting, the dropdown is disabled — contact your admin to change it.
My Context Awareness toggle is locked — what does that mean?
Your organization has disabled Context Awareness for all users. The toggle shows a message indicating it is managed by your organization. Contact your administrator with any questions.
Flow signed me out and says my network isn't allowed — what do I do?
Your company's IP allowlist policy only permits Wispr Flow on approved networks. Switch to an approved network (such as your corporate VPN or office Wi-Fi), then select Retry to sign back in. Select Sign Out if you want to return to the normal login screen or use a different account. Contact your IT administrator if you're unsure which networks are approved.
Can my iOS notes be found in Spotlight or used with Siri?
Yes, for most users. Note content is indexed in Spotlight, and Siri Shortcuts let you create notes by voice. Siri Shortcuts cannot read existing note content. For HIPAA users, these features are disabled by default.
Are AI note summaries available for HIPAA users?
No. AI note summaries are disabled by default for HIPAA users so note content is not sent for AI processing in data-restricted environments.
Limitations and notes
Privacy and data control features vary by platform. Desktop and iOS offer the most comprehensive controls.
The Data Storage dropdown is currently available on Desktop only.
Android currently offers a Privacy Mode toggle, with additional controls coming soon.
HIPAA BAA signing is available on Desktop and iOS only.
Enterprise security features (SSO enforcement, SCIM, ZDR, local data policies, Context Awareness policy, IP allowlist) require an Enterprise plan and are configured through the admin portal.
If your organization has locked the Data Storage or Context Awareness setting, the relevant control in Settings → Data & Privacy is disabled and cannot be changed by individual users.
IP allowlist enforcement on desktop (Mac and Windows) signs you out and pauses dictation when you connect from a network not on your company's approved list. Signing in again from an approved network restores full access.
On iOS, Spotlight indexing of notes, Siri Shortcuts, note syncing, and AI summaries are disabled by default for HIPAA users.
On Android, the Flow dictation bubble is automatically hidden in banking and financial apps (136 apps across 9 regions), and text from those apps is never read or used as transcription context.