Security Overview

Last updated: May 22, 2026

Available on: Mac, Windows, iOS, Android

Wispr Flow protects your dictation with encryption, privacy controls, and enterprise compliance options. This overview explains how your data is secured, what you can configure yourself, and what your admin can enforce on an Enterprise plan.


What it is

Security in Wispr Flow spans three layers: how your voice and transcripts are encrypted in transit and at rest, what privacy controls you can configure as a user, and what policies your organization can enforce on an Enterprise plan. Together, they let individuals control their data and let admins meet compliance requirements like HIPAA and Zero Data Retention.


How it works in Flow

Overview

Security is built into every layer of Wispr Flow — from how your voice is transmitted, to how transcripts are stored, to how organizations enforce policy. The engineering team follows secure development practices, including code reviews, security testing, and regular updates.

Encryption and infrastructure

  • Encryption in transit: All data is protected with industry-standard TLS/HTTPS encryption.

  • Encryption at rest: Stored data is protected through infrastructure-level security controls.

  • Session management: Authentication tokens are validated on every request, and sessions refresh automatically through our authentication provider.

  • Policy enforcement: Enterprise policies (such as Zero Data Retention and local data deletion) are enforced on client devices, not just configured server-side.

  • Monitoring: Real-time error monitoring and tracing across all platforms support rapid incident response. Sensitive fields like authorization tokens and request bodies are stripped from error reports before transmission.

Privacy controls

Wispr Flow offers Privacy Mode (Zero Data Retention) on Desktop, iOS, and Android. When enabled, none of your dictation data is stored or used for model training by Wispr or any third party.

  • Enabling Privacy Mode: Open Settings → Data & Privacy on Desktop, iOS, or Android. On Android, you can also select Privacy Mode during onboarding.

  • Default state: On Android, the toggle is off by default. On Desktop and iOS, you choose the setting during onboarding. When Privacy Mode is off, dictation data may be used to improve Wispr Flow.

  • Context Awareness (Desktop): A toggle in Settings → Data & Privacy controls whether Flow uses on-screen context to improve transcription accuracy. Enabled by default.

  • HIPAA BAA: Healthcare customers can sign the HIPAA Business Associate Agreement in-app on Desktop and iOS, which permanently locks Privacy Mode on. On Desktop, enterprise users who have not yet signed are directed to their organization's admin portal instead of the in-app signing dialog.

  • Enterprise ZDR lock: If your organization enforces Zero Data Retention, Privacy Mode is locked on and cannot be disabled by individual users.

  • iOS system integrations: Note content is indexed in Spotlight, and Siri Shortcuts can create notes by voice but cannot read existing note content.

Data storage controls (Desktop)

In Settings → Data & Privacy, the Data Storage dropdown controls how transcripts and polish history are stored locally:

  • Store data locally: Keeps transcripts as usual (default).

  • Auto-delete local data every 24 hours: Removes transcripts and polish history older than 24 hours. Switching to this option immediately deletes existing transcripts and polish history older than one day. Deletion runs when you switch policies and when Flow refreshes enterprise settings, so items may persist briefly past 24 hours until the next refresh.

  • Never store data locally: Immediately deletes existing transcripts and polish history, and prevents future local storage.

Switching to a more restrictive option shows a confirmation prompt before the change takes effect. Switching back to "Store data locally" applies immediately. When storage is disabled, the History page shows a message explaining why it is empty.

Warning: Selecting "Never store data locally" immediately deletes your existing transcripts and polish history. This cannot be undone.

Enterprise security

Enterprise plan administrators configure these controls through the admin portal — not within the desktop app:

  • SSO/SAML: Single sign-on via WorkOS, supporting both SP-initiated and IdP-initiated flows. SSO can be enforced so non-SSO login methods are blocked for your domain. Requires an active enterprise subscription — if it lapses, non-SSO login methods are temporarily re-enabled.

  • SCIM provisioning: Automated user provisioning through any SCIM-compatible identity provider via WorkOS Directory Sync. SCIM-managed domains block self-registration.

  • Zero Data Retention (ZDR): Enforce Privacy Mode across all team members.

  • Local data policy: Set a minimum data restriction level for the organization. If set to "Never store data locally," the user setting is fully locked. If set to "Auto-delete," users can choose that option or the more restrictive "Never store," but cannot choose "Store data locally." The dropdown shows a note that the option is managed by your organization.

  • Context Awareness policy: Disable Context Awareness for the entire organization. When disabled, each user's toggle is turned off and locked, with a message indicating the setting is managed by the organization.

  • IP allowlist: Restrict access to specific IPv4 or IPv6 addresses or ranges, configured under Network Access in the admin portal. On Mac and Windows, if a user is off-network, Flow signs them out and shows a "Your network isn't allowed" screen. Dictation and all other Flow features are paused until they reconnect from an approved network and select Retry, or select Sign Out to return to the login screen. The allowlist supports up to 64 CIDR entries; wildcard CIDRs are not allowed. A safeguard prevents saving a configuration that would lock out the admin, and allowlist changes can take up to ~30 seconds to propagate.

  • HIPAA BAA: In-app Business Associate Agreement signing for healthcare compliance.

  • Domain-based auto-add: Automatically add new users with a matching company email domain to your enterprise plan.

  • Domain access restriction: Optionally block login for users with your company email domain who are not members of your enterprise. This is configured by Wispr (not self-service) — contact support to enable it. Domain-based auto-add and domain access restriction are evaluated at login, with auto-add running first so a matching user can be auto-joined and pass the restriction check in a single login. Requires an active enterprise subscription — if it lapses, the restriction is temporarily lifted.

  • Policy resilience: Enterprise security policies remain enforced even when the device is temporarily offline. Cached policies are preserved until the server explicitly confirms a membership change.
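The constraints in the IP allowlist item above (IPv4 or IPv6 addresses or ranges, at most 64 entries, no wildcard ranges, no saving a list that locks out the admin) can be checked before a change is rolled out. The following Python is an added example, not Wispr's code; the function names, the reading of "wildcard" as a /0 prefix, and the treatment of an empty list as "no restriction" are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress

MAX_ENTRIES = 64  # limit stated in the IP allowlist item


def parse_allowlist(entries):
    """Validate allowlist entries; return ip_network objects or raise ValueError."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries; limit is {MAX_ENTRIES}")
    networks = []
    for raw in entries:
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.0.0.5/8
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            raise ValueError(f"invalid entry {raw!r}: {exc}") from None
        # Assumption: a "wildcard CIDR" is a /0 prefix, which matches every address.
        if net.prefixlen == 0:
            raise ValueError(f"wildcard range {raw!r} is not allowed")
        networks.append(net)
    return networks


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(client_ip)
    # Compare IPv4-mapped IPv6 (::ffff:a.b.c.d) against IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


def validate_change(entries, admin_ip):
    """Parse a proposed allowlist and refuse one that excludes the admin's address."""
    networks = parse_allowlist(entries)
    # Assumption: an empty list means no restriction, so it cannot lock anyone out.
    if networks and not is_allowed(admin_ip, networks):
        raise ValueError(f"admin address {admin_ip} is outside the new allowlist")
    return networks


if __name__ == "__main__":
    # Constructed sample: office range, one IPv6 range, one VPN egress address.
    proposed = ["203.0.113.0/24", "2001:db8:10::/48", "198.51.100.7"]
    nets = validate_change(proposed, admin_ip="203.0.113.20")
    for ip in ("203.0.113.9", "198.51.100.8", "2001:db8:10::1"):
        print(ip, "allowed" if is_allowed(ip, nets) else "blocked")
```

Running the same check against the addresses your VPN and office egress points actually present helps avoid signing out users who are on a network you meant to approve.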

Compliance and certifications

  • HIPAA: In-app BAA signing available on Desktop and iOS.

  • Zero Data Retention: Enforcement available for enterprise customers.

  • SSO/SAML: With enforcement options.

  • SCIM provisioning: For automated user management.

  • SOC 2 Type II and ISO 27001: Certifications in progress.

  • Third-party audits: Regular audits to verify security controls.

For more detail, see the other Security & Compliance articles, visit the Data Controls page, or request compliance documentation through the Wispr Trust Center.


FAQs

Is my voice data used to train AI models?

With Privacy Mode enabled, none of your dictation data is stored or used for model training by Wispr or any third party.

Does Wispr Flow support HIPAA compliance?

Yes. On Desktop and iOS, healthcare customers can sign the HIPAA Business Associate Agreement in-app, which permanently enables Privacy Mode. Enterprise customers on Desktop are directed to their organization's admin portal to handle BAA signing.

What enterprise security features are available?

Enterprise plans include SSO/SAML, SCIM provisioning, Zero Data Retention enforcement, local data policies, Context Awareness policy, IP allowlist, domain-based auto-add, and domain access restriction.

How do I control how my transcripts are stored locally on Desktop?

Open Settings → Data & Privacy and use the Data Storage dropdown. Choose to store data locally (default), auto-delete every 24 hours, or never store data locally. If your organization manages this setting, the dropdown is disabled — contact your admin to change it.

My Context Awareness toggle is locked — what does that mean?

Your organization has disabled Context Awareness for all users. The toggle shows a message indicating it is managed by your organization. Contact your administrator with any questions.

Flow signed me out and says my network isn't allowed — what do I do?

Switch to an approved network (such as your corporate VPN or office Wi-Fi), then select Retry to sign back in. Select Sign Out to return to the normal login screen or use a different account. Contact your IT administrator if you're unsure which networks are approved.

Can my iOS notes be found in Spotlight or used with Siri?

Yes. Note content is indexed in Spotlight, and Siri Shortcuts let you create notes by voice. Siri Shortcuts cannot read existing note content.

Where can I request your SOC 2 report or other compliance documents?

Request access through the Wispr Trust Center. Documents (including SOC 2 Type II, ISO 27001, and security questionnaires) are available under NDA after the security team reviews your request.


Limitations and notes

  • Privacy and data control features vary by platform. Desktop and iOS offer the most comprehensive controls.

  • The Data Storage dropdown is currently available on Desktop only. Android offers a Privacy Mode toggle today, with additional controls coming soon.

  • HIPAA BAA signing is available on Desktop and iOS only.

  • Enterprise security features (SSO enforcement, SCIM, ZDR, local data policies, Context Awareness policy, IP allowlist) require an Enterprise plan and are configured through the admin portal.

  • If your organization has locked the Data Storage or Context Awareness setting, the relevant control in Settings → Data & Privacy is disabled and cannot be changed by individual users.

  • IP allowlist enforcement on Mac and Windows can sign you out and show a lockout screen if you are off your company's approved network, either at the start of a session or after changing networks. Switching to an approved network and selecting Retry restores full access.

  • On Android, the Flow dictation bubble is automatically hidden in banking and financial apps (136 apps across 9 regions), and text from those apps is never read or used as transcription context.