Privacy Mode & Data Retention
Available on: Mac, Windows, iOS, Android
Privacy Mode keeps your dictation content off Wispr servers — audio is transcribed in real time and immediately discarded, never stored or used for model training. Use it if you handle sensitive content, work under HIPAA, or need to meet enterprise compliance requirements.
What it is
Privacy Mode enables zero data retention for your dictation content. Audio is processed on Wispr servers for transcription and discarded immediately afterward — no audio, text, or derived data is stored or used for model training.
The setting appears as a toggle in Settings → Data & Privacy. Enterprise customers can enforce it organization-wide, and users covered by a HIPAA Business Associate Agreement (BAA) have it permanently locked on.
When to use it
Use Privacy Mode when you want to:
Ensure dictation data never persists on Wispr servers after your session ends
Meet enterprise compliance requirements for data handling
Prevent Wispr from using your transcription data for model training
Work in healthcare settings under a HIPAA BAA
How it works in Flow
Overview
When Privacy Mode is on, dictation data is processed for transcription and immediately discarded. Nothing about your dictation is stored on Wispr servers or used for model training.
Key behaviors
Cross-device sync: Privacy Mode settings sync across your devices. The originating device pushes changes to the server immediately, and other devices pick up the change on the next hourly sync. Conflicts resolve by timestamp — the most recent change wins.
Enterprise enforcement: Privacy Mode is locked on when your organization has enabled Zero Data Retention (ZDR) or signed a HIPAA BAA. The toggle tooltip explains why it is locked. On iOS, if the app cannot retrieve your organization's settings, Privacy Mode is enabled automatically as a safety measure.
HIPAA BAA lock: After signing the HIPAA BAA, Privacy Mode is permanently locked on. Signing requires typing a legal name and is irreversible. The HIPAA BAA document is hosted at wispr-flow-cdn.s3.us-west-2.amazonaws.com/policies/hipaa-baa/latest.pdf. Internal Wispr.ai employees are exempt from HIPAA BAA gating.
"Help improve Flow" exclusion: Privacy Mode and "Help improve Flow" are mutually exclusive during onboarding on desktop and iOS — selecting one deselects the other. After onboarding, there is no separate "Help improve Flow" toggle in Settings → Data & Privacy; Privacy Mode is the inverse of the underlying usage-sharing preference.
Notes privacy on iOS: When Privacy Mode is on (or a HIPAA BAA is signed), notes are not indexed in Spotlight search, Siri suggestions based on notes are disabled, and the AI summary button on notes is hidden.
Enterprise privacy controls
Organizations with ZDR enabled or a HIPAA BAA signed have Privacy Mode pre-selected and locked during onboarding. On desktop, both the Privacy Mode and "Help improve Flow" toggles are disabled. On iOS, Privacy Mode is shown first and "Help improve Flow" is greyed out.
Enterprise admins can also control how transcripts are stored locally on user devices. When the admin has locked this setting, the Local data storage dropdown in Settings → Data & Privacy is disabled with a tooltip explaining it is managed by the organization:
Store data locally: Transcripts are stored on the device indefinitely.
Auto-delete local data every 24 hours: Transcripts are deleted after 24 hours.
Never store data locally: Transcripts are never saved to the device. The History page shows a message indicating history is disabled by your organization.
When the enterprise sets Auto-delete, less-restrictive options are hidden but users can still choose more restrictive ones. When Never store is set, the dropdown is fully locked.
Note: When your organization sets the transcript-deletion policy to "Auto-delete local data every 24 hours" or "Never store data locally," the Voice Profile home card and Voice Profile onboarding step are hidden because they depend on transcript history.
Admins can also control Context Awareness from the Organization settings page under Data Controls (Enterprise plan only):
Available (default): Users control the Context Awareness toggle themselves in Settings → Data & Privacy.
Disable for all users: Context Awareness is turned off for everyone. The toggle in Settings → Data & Privacy is locked with the tooltip: "This setting is managed by your organization."
Warning: Once a HIPAA BAA is signed at the organization level, Zero Data Retention cannot be disabled. Wispr may also lock the ZDR setting at an organization's request, preventing changes without contacting Wispr support.
Local data storage (individual users)
On desktop, individual users manage local data storage in Settings → Data & Privacy → Local data storage:
Store data locally (default): Transcripts and polish history are kept as usual.
Auto-delete local data every 24 hours: Transcripts and polish history older than 24 hours are deleted automatically. A daily cleanup also runs at noon local time while the app is open.
Never store data locally: All existing transcripts and polish history are deleted immediately, no future data is saved, and audio recordings are not saved. The History page shows a message that storage is disabled, with guidance to change it in Settings → Data & Privacy.
Warning: Selecting "Auto-delete local data every 24 hours" or "Never store data locally" deletes existing transcripts and polish history. A confirmation dialog appears before the change is applied, and the policy takes effect immediately upon confirmation.
Local transcription history on mobile
Privacy Mode prevents Wispr servers from retaining your dictation data after processing. Local history storage governs what transcription records are kept on your device. These are independent settings.
Android: History is saved locally and managed automatically based on available storage — up to 100,000 entries with 1 GB+ free, 50,000 with 500 MB–1 GB, and 25,000 with less than 500 MB. Internal storage and SD cards both count. When the limit is reached, the oldest entries are removed.
iOS: "Auto-delete transcripts" is available in Settings → Data & Privacy (default off). When on, history entries older than the current day are deleted each time the app comes to the foreground. Auto-delete requires you to be signed in. Transcript age is determined by when recording started — a session that began before midnight but finished after is treated as the previous day. This setting remains user-adjustable on iOS even under HIPAA or ZDR.
How to enable Privacy Mode
Mac and Windows
Click the Flow icon in your menu bar (Mac) or system tray (Windows), then click Settings.
Go to Data & Privacy.
Toggle Privacy Mode on. The change takes effect immediately.
iOS and Android
Open the Wispr Flow app.
Tap Settings → Data & Privacy.
Toggle Privacy Mode on. The change takes effect immediately — no app restart required.
Enterprise customers
Privacy Mode is available for enterprise customers on qualifying plans. To enable it for your organization:
Contact your account representative.
Review your enterprise agreement terms.
Visit the Data Controls page for additional information.
Once enabled at the organization level, Privacy Mode applies to all users automatically. The lock is triggered by either ZDR enabled or a HIPAA BAA signed at the org level, and the lock state is reflected per-user via tooltip text on the Privacy Mode toggle.
Examples
Individual user enabling Privacy Mode
You open Settings → Data & Privacy and toggle Privacy Mode on. "Help improve Flow" is automatically unchecked. From this point, all dictation data is processed and immediately discarded from Wispr servers.
Individual user choosing not to store data locally (Mac or Windows)
You open Settings → Data & Privacy and set Local data storage to "Never store data locally." A confirmation dialog warns that existing transcripts and polish history will be deleted. After you confirm, all local history is removed and no future transcripts are saved.
Enterprise admin enforcing Zero Data Retention
Your organization enables ZDR through your account representative. All team members see Privacy Mode locked on in their settings — the toggle is greyed out. New members joining the organization have it pre-selected during onboarding.
Enterprise admin enforcing a transcript-deletion policy
Your organization sets local data storage to "Auto-delete local data every 24 hours" or "Never store data locally." The Voice Profile home card and Voice Profile onboarding step are hidden for all users.
HIPAA BAA user
After signing the HIPAA BAA, Privacy Mode is permanently locked on for your account and dictation data is never stored on Wispr servers. Notes sync is disabled by default for users where data is restricted under HIPAA or Privacy Mode. On iOS, notes do not appear in Spotlight search and Siri suggestions based on notes are disabled.
FAQs
Can I use Privacy Mode as an individual user?
Yes. Individual users can enable Privacy Mode on Mac, Windows, iOS, and Android in Settings → Data & Privacy.
Is aggregated or anonymized data retained?
Aggregated or anonymized dictation data is not retained indefinitely. It is not used for marketing, external sharing or sale, or public benchmarks without explicit customer consent.
What data is still collected when Privacy Mode is on?
Privacy Mode applies to dictation content only. Account information, usage metadata (timestamps, feature usage, session data), technical logs, and billing information may still be collected for operational purposes.
What happens to my data when my contract ends?
If Privacy Mode was enabled, no dictation data persists — none was retained in the first place. Account and operational data is deleted or returned as specified in your Data Processing Addendum (DPA), available through the Trust Center.
Do subprocessors retain my dictation data?
No. When Privacy Mode is on, subprocessors are contractually required to follow zero data retention — none retain dictation data after processing.
Can my organization lock the Local data storage or Context Awareness settings?
Yes. Enterprise admins can lock Local data storage for all users, and can disable Context Awareness from the Organization settings page under Data Controls (Enterprise plan only). When locked, the relevant control in Settings → Data & Privacy is disabled with the tooltip: "This setting is managed by your organization."
Why are Voice Profile features hidden for some enterprise users?
If your organization sets the transcript-deletion policy to "Auto-delete local data every 24 hours" or "Never store data locally," the Voice Profile home card and Voice Profile onboarding step are hidden because they depend on transcript history.
Limitations and notes
Privacy Mode is available on Mac, Windows, iOS, and Android for individual users. Enterprise customers can enforce it organization-wide across all platforms.
HIPAA BAA signing is available on Mac, Windows, and iOS. It is not available on Android. Signing the BAA is irreversible and permanently locks Privacy Mode on.
Privacy Mode applies to dictation content only — account information, usage metadata, and technical logs may still be collected.
The Local data storage dropdown (Settings → Data & Privacy) is available on Mac and Windows only.
Enterprise admins can disable Context Awareness for all users via Organization settings → Data Controls (Enterprise plan only).
On iOS, users with Privacy Mode enabled (including HIPAA users) have Spotlight indexing of notes, Siri suggestions for notes, and the AI summary button on notes disabled.
When an enterprise transcript-deletion policy of "Auto-delete local data every 24 hours" or "Never store data locally" is active, the Voice Profile home card and Voice Profile onboarding step are hidden.
For users not operating under Privacy Mode, standard retention periods apply as described in the Privacy Policy.