Features Pricing Compare Try Free
🛡️ Trust Center

Security & Compliance

VoiceBee is built by ByteBee, a European company. Privacy, security, and transparency are not features — they're foundations.

🇪🇺

GDPR

Compliant

European company. Full data subject rights. DPO available.

🔐

ISO 27001

Certified

Information security management system certified.

🔍

SOC 2 Type II

In Progress

Audit underway. Expected completion Q3 2026.

🏥

HIPAA

Planned

Enterprise plan. BAA available on request.

How Your Data Flows

Three processing modes, each with clear data boundaries.

🔒

Local Mode

  1. You hold hotkey — audio is recorded locally
  2. Whisper AI processes on-device
  3. Text inserted at cursor
  4. Audio deleted immediately
✅ Nothing leaves your device. Ever.
☁️

Cloud Mode

  1. Audio encrypted (TLS 1.3) and sent to STT
  2. Transcribed text returned to device
  3. Audio deleted — never stored
  4. Not used for AI model training
🔒 Encrypted in transit. Zero retention.
🤖

AI Dictation

  1. Voice transcribed (local or cloud)
  2. Text prompt sent to chosen AI model
  3. AI response inserted at cursor
  4. No audio reaches AI — only text
🔊 AI never hears your voice.

Security Practices

What we do to keep your data safe.

End-to-end encryption

TLS 1.3 for all cloud communications. No plaintext audio in transit.

Zero audio retention

Audio deleted immediately after transcription in all modes. No recordings stored.

No training on your data

Your voice and text are never used to train, fine-tune, or improve any AI model.

Local key encryption

API keys and credentials encrypted locally on your device. Never transmitted.

Minimal permissions

Only microphone + accessibility (macOS). No screen recording, no keylogging, no background processes.

Integrity-verified updates

Auto-updates with cryptographic signature verification. Tamper-proof delivery.

European infrastructure

ByteBee is headquartered in Athens, Greece. EU data processing by default.

User data control

Export, delete, or correct your data at any time. Full GDPR data subject rights.

Sub-processors

Third-party services that process data on our behalf.

Supabase (EU)

Authentication, database, edge functions. Data encrypted at rest and in transit.

Cloudflare

Workers for file processing and connector orchestration. R2 for knowledge base storage.

Stripe

Payment processing. PCI DSS Level 1 certified. We never see or store card numbers.

Composio

AI Assistant Connectors. Manages OAuth tokens for third-party integrations (Gmail, Slack, etc.). Credentials encrypted and scoped per user.

Documents & Policies

📄
Privacy Policy
📋
Terms of Service
📧
Security Contact

Need more details?

For security questionnaires, compliance documentation, or enterprise inquiries, reach out directly.

Contact Security Team