Privacy Mode & Data Retention

Last updated: April 25, 2026

Available on: Mac, Windows, iOS, Android

Privacy Mode keeps your dictation content from being stored on Wispr servers after transcription. Audio is processed in real time and immediately discarded — nothing is retained or used for model training.

What it is

Privacy Mode enables zero data retention for your dictation content. Dictation data is processed on Wispr servers for transcription and is not retained afterward — no audio, text, or derived data is stored or used for model training.

The setting appears as a toggle in Settings → Data & Privacy. Enterprise customers can enforce it organization-wide, and HIPAA BAA users have it permanently locked on.

When to use it

Use Privacy Mode when you want to:

  • Ensure dictation data never persists on Wispr servers after your session ends

  • Meet enterprise compliance requirements for data handling

  • Prevent Wispr from using your transcription data for model training

  • Work in healthcare settings under a HIPAA BAA

How it works in Flow

Overview

When Privacy Mode is on, dictation data is processed for transcription and immediately discarded. No dictation content, audio, or derived data is stored on Wispr servers or used for model training.

Key behaviors

  • Cross-device sync: Privacy Mode settings sync across your devices. Changes push to the server immediately, and other devices pick up the change on their next sync (within 5 minutes, or up to an hour on legacy polling). Conflicts resolve by timestamp — the most recent change wins.

  • Enterprise enforcement: Privacy Mode is locked on when your organization has enabled Zero Data Retention (ZDR) or signed a HIPAA Business Associate Agreement. The toggle tooltip explains why it is locked. On iOS, if the app cannot retrieve your organization's settings, Privacy Mode is enabled automatically as a safety measure.

  • HIPAA BAA lock: After signing the HIPAA Business Associate Agreement, Privacy Mode is permanently locked on. Signing the BAA is irreversible.

  • "Help improve Flow" exclusion: Privacy Mode and "Help improve Flow" are mutually exclusive — enabling one disables the other. On iOS, "Help improve Flow" is not available in Settings → Data & Privacy after onboarding.

  • Notes privacy on iOS: When Privacy Mode is on (or HIPAA BAA is signed), notes are not indexed in Spotlight search, Siri suggestions based on notes are disabled, and the AI summary button on notes is hidden.

Enterprise privacy controls

Organizations with ZDR enabled or a HIPAA BAA signed have Privacy Mode pre-selected and locked during onboarding. On desktop, both the Privacy Mode and "Help improve Flow" toggles are disabled. On iOS, Privacy Mode is shown first and "Help improve Flow" is greyed out.

Enterprise admins can also control how transcripts are stored locally on user devices. When the admin has locked this setting, the Local data storage dropdown in Settings → Data & Privacy is disabled with a tooltip explaining it is managed by the organization:

  • Store data locally: Transcripts are stored on the device indefinitely.

  • Auto-delete local data every 24 hours: Transcripts are deleted after 24 hours.

  • Never store data locally: Transcripts are never saved to the device. The History page shows a message indicating history is disabled by your organization.

When the enterprise sets Auto-delete, less-restrictive options are hidden but users can still choose more restrictive ones. When Never store is set, the dropdown is fully locked.

Note: When your organization sets the transcript-deletion policy to "Auto-delete local data every 24 hours" or "Never store data locally," Insights and Voice Profile features are hidden across the app (Insights sidebar tab, Voice Profile home card, Voice Profile onboarding step, and the "Your Voice" tab on Insights). These features rely on transcript history that the policy deletes.

Admins can also control Context Awareness from the Organization settings page under Data Controls (Enterprise plan only):

  • Available (default): Users control the Context Awareness toggle themselves in Settings → Data & Privacy.

  • Disable for all users: Context Awareness is turned off for everyone. The toggle in Settings → Data & Privacy is locked with the tooltip: "This setting is managed by your organization."

Warning: Once a HIPAA BAA is signed at the organization level, Zero Data Retention cannot be disabled. Wispr may also lock the ZDR setting at an organization's request, preventing changes without contacting Wispr support.

Local data storage (individual users)

On desktop, individual users manage local data storage in Settings → Data & Privacy → Local data storage:

  • Store data locally (default): Transcripts and polish history are kept as usual.

  • Auto-delete local data every 24 hours: Transcripts and polish history older than 24 hours are deleted automatically. A daily cleanup also runs at noon local time while the app is open.

  • Never store data locally: All existing transcripts and polish history are deleted immediately, no future data is saved, and audio recordings are not saved. The History page shows a message that storage is disabled, with guidance to change it in Settings → Data & Privacy.

Warning: Selecting "Auto-delete local data every 24 hours" or "Never store data locally" deletes existing transcripts and polish history. A confirmation dialog appears before the change is applied. The policy takes effect immediately upon confirmation.

Local transcription history on mobile

Privacy Mode prevents Wispr servers from retaining your dictation data after processing. Local history storage governs what transcription records are kept on your device. These are independent settings.

  • Android: History is saved locally and managed automatically based on available storage — up to 100,000 entries with 1 GB+ free, 50,000 with 500 MB–1 GB, and 25,000 with less than 500 MB. Internal storage and SD cards both count. When the limit is reached, the oldest entries are removed.

  • iOS: "Auto-delete transcripts" is available in Settings → Data & Privacy (default off). When on, history entries older than the current day are deleted each time the app comes to the foreground. Auto-delete requires you to be signed in. Transcript age is determined by when recording started — a session that began before midnight but finished after is treated as the previous day.

How to enable Privacy Mode

Mac and Windows

  1. Click the Flow icon in your menu bar (Mac) or system tray (Windows), then click Settings.

  2. Go to Data & Privacy.

  3. Toggle Privacy Mode on. The change takes effect immediately.

iOS and Android

  1. Open the Wispr Flow app.

  2. Tap Settings → Data & Privacy.

  3. Toggle Privacy Mode on. The change takes effect immediately — no app restart required.

Enterprise customers

Privacy Mode is available for enterprise customers on qualifying plans. To enable it for your organization:

  1. Contact your account representative.

  2. Review your enterprise agreement terms.

  3. Visit the Data Controls page for additional information.

Once enabled at the organization level, Privacy Mode applies to all users automatically.

Examples

Individual user enabling Privacy Mode

You open Settings → Data & Privacy and toggle Privacy Mode on. "Help improve Flow" is automatically unchecked. From this point, all dictation data is processed and immediately discarded from Wispr servers.

Individual user choosing not to store data locally (Mac or Windows)

You open Settings → Data & Privacy and set Local data storage to "Never store data locally." A confirmation dialog warns that existing transcripts and polish history will be deleted. After you confirm, all local history is removed and no future transcripts are saved.

Enterprise admin enforcing zero data retention

Your organization enables ZDR through your account representative. All team members see Privacy Mode locked on in their settings — the toggle is greyed out. New members joining the organization have it pre-selected during onboarding.

Enterprise admin enforcing a transcript-deletion policy

Your organization sets local data storage to "Auto-delete local data every 24 hours" or "Never store data locally." The Insights tab, Voice Profile home card, and Voice Profile onboarding step are hidden for all users. The "Your Usage" tab on the Insights page remains accessible, but "Your Voice" is removed.

Enterprise admin disabling Context Awareness for all users

An admin opens the Organization settings page, goes to Data Controls, and sets Context Awareness to "Disable for all users." All team members see the Context Awareness toggle in Settings → Data & Privacy turned off and locked, with the tooltip: "This setting is managed by your organization."

HIPAA BAA user

After signing the HIPAA Business Associate Agreement, Privacy Mode is permanently locked on for your account. Dictation data is never stored on Wispr servers. Notes sync across your devices, and you have full access to the Notes and Meetings pages. On iOS, notes do not appear in Spotlight search and Siri suggestions based on notes are disabled.

FAQs

Can I use Privacy Mode as an individual user?

Yes. Individual users can enable Privacy Mode on Mac, Windows, iOS, and Android in Settings → Data & Privacy.

Is aggregated or anonymized data retained?

Aggregated or anonymized dictation data is not retained indefinitely. It is not used for marketing, external sharing or sale, or public benchmarks without explicit customer consent.

What data is still collected when Privacy Mode is on?

Privacy Mode applies to dictation content only. Account information, usage metadata (timestamps, feature usage, session data), technical logs, and billing information may still be collected for operational purposes.

What happens to my data when my contract ends?

If Privacy Mode was enabled, no dictation data persists — none was retained in the first place. Account and operational data is deleted or returned as specified in your Data Processing Addendum (DPA), available through the Trust Center.

Do subprocessors retain my dictation data?

No. When Privacy Mode is on, subprocessors are contractually required to follow zero data retention — none retain dictation data after processing.

Can my organization lock the Local data storage setting?

Yes. Enterprise admins can lock the Local data storage setting for all users. When locked, the dropdown in Settings → Data & Privacy is disabled and a tooltip explains that the setting is managed by your organization.

Can my organization lock the Context Awareness setting?

Yes. Enterprise admins can disable Context Awareness for all users from the Organization settings page under Data Controls (Enterprise plan only). The toggle in Settings → Data & Privacy is then locked with the tooltip: "This setting is managed by your organization."

Why are Insights and Voice Profile hidden for some enterprise users?

If your organization sets the transcript-deletion policy to "Auto-delete local data every 24 hours" or "Never store data locally," Insights and Voice Profile are hidden because they depend on transcript history that the policy deletes. The "Your Usage" tab on Insights remains available.

Limitations and notes

  • Privacy Mode is available on Mac, Windows, iOS, and Android for individual users. Enterprise customers can enforce it organization-wide across all platforms.

  • HIPAA BAA signing is available on Mac, Windows, and iOS. It is not available on Android. Signing the BAA is irreversible and permanently locks Privacy Mode on.

  • Privacy Mode applies to dictation content only — account information, usage metadata, and technical logs may still be collected.

  • The Local data storage dropdown (Settings → Data & Privacy) is available on Mac and Windows only.

  • Enterprise admins can disable Context Awareness for all users via Organization settings → Data Controls (Enterprise plan only).

  • On iOS, users with Privacy Mode enabled (including HIPAA users) have Spotlight indexing of notes, Siri suggestions for notes, and the AI summary button on notes disabled.

  • When an enterprise transcript-deletion policy of "Auto-delete local data every 24 hours" or "Never store data locally" is active, the Insights sidebar tab, Voice Profile home card, Voice Profile onboarding step, and "Your Voice" tab on Insights are hidden for all users in the organization.

  • For users not operating under Privacy Mode, standard retention periods apply as described in the Privacy Policy.