1. Who we are
Speakr Ltd ("Speakr", "we", "us", "our") is a company registered in England and Wales, trading as SpeakrStream at www.speakrstream.com. We are the data controller for personal data you provide to us as a customer. Where Speakr is deployed by your employer, your employer is the controller of your dictation and screen data and Speakr acts as a data processor under a Data Processing Agreement.
Contact: privacy@speakrstream.com · DPO: dpo@speakrstream.com.
2. Our core principle
Speakr is designed so that the most sensitive things we process — your voice and what is on your screen — never leave your device. Speech recognition, screen reading, grammar clean-up and answer generation run locally on your machine using models that are bundled with the application. Audio and screen captures are held in memory only for as long as it takes to produce a result, then immediately discarded.
3. Voice data
- Capture. Audio is captured only while you hold the activation hotkey. The microphone is otherwise inactive.
- Processing. Audio is transcribed locally on your device. Raw audio is never transmitted to our servers, never written to disk, and never shared with any third party.
- Retention. Zero. Audio buffers are wiped from memory the moment transcription finishes, typically within milliseconds.
- Training. We do not use your voice to train any model — ours or anyone else's. There is no opt-in or opt-out because no recording exists to train on.
4. Screen capture data
- Capture. Speakr reads your screen only when you explicitly invoke a feature that requires it (for example, asking Speakr to act on what's in front of you). It does not run a continuous screen recorder.
- Processing. Screenshots are analysed locally where possible. When a cloud model is required to fulfil a request, the relevant pixels are sent over TLS 1.3 to a UK/EU-hosted inference endpoint, processed in volatile memory, and the result is returned. No screenshot is retained by us or our model providers.
- Retention. Zero. Screenshots are not saved to disk, are not added to any training corpus, and are not visible to Speakr staff.
- Sensitive content. You are responsible for not invoking screen-reading features over content you are not permitted to process (e.g. another person's protected health information). Administrators can disable screen access by policy.
5. Dictated and generated text
The text Speakr produces is inserted directly into the application you are using. We do not keep a copy. If you choose to use the optional in-app notes feature, those notes are stored encrypted in your account so you can access them across devices; you can delete them at any time and they are permanently removed within 30 days.
6. Account and billing data we do collect
- Account data: email, name, organisation, role, password hash, sign-in timestamps and IP address (for security logging).
- Billing data: handled by Stripe; we receive the last four digits of your card, country and billing email only.
- Anonymous usage metrics: feature invocation counts, latency, error rates. No transcripts, no audio, no screenshots, no identifiers tied to content.
- Shared dictionary: only words your team chooses to add (names, jargon, acronyms).
- Support correspondence: emails and messages you send us.
7. What we never collect
- Your audio recordings.
- The text you dictate into third-party apps.
- Screenshots, keystrokes, clipboard contents or window titles.
- Content from apps, documents, browsers or messaging tools you use Speakr alongside.
- Location data, contacts, calendar entries, or files on your device.
8. Legal bases for processing (UK GDPR / EU GDPR Art. 6)
- Contract — to provide the Speakr service to you (account, billing, support).
- Legitimate interests — securing our service, preventing abuse, and improving reliability through anonymous metrics.
- Legal obligation — accounting, tax, and responding to lawful requests.
- Consent — for any optional cookies and for any future feature that would change how voice or screen data is handled. We will ask before changing the default.
9. Data residency and international transfers
Account, billing and dictionary data are stored in the UK and the EU. Where a cloud inference call is necessary (see §4), it is routed to UK/EU endpoints. Stripe and Resend may process limited data in the United States under the EU–US Data Privacy Framework and UK Extension, plus Standard Contractual Clauses. Enterprise customers can request EU-only or on-premise deployment with no third-country transfers.
10. Sub-processors
- Stripe Payments Europe Ltd — payment processing (Ireland / USA).
- Supabase / Lovable Cloud — account database and authentication (EU region).
- Resend — transactional email (USA, under SCCs).
- Cloudflare — TLS termination and DDoS protection (global edge, no content stored).
An up-to-date sub-processor list is available on request from privacy@speakrstream.com.
11. Retention periods
- Voice audio: zero retention.
- Screen captures: zero retention.
- Account data: while your subscription is active and 90 days after cancellation, then permanently deleted.
- Billing records: 7 years (UK tax law).
- Anonymous usage metrics: 13 months.
- Security logs: 12 months.
12. Security
SOC 2 Type II and ISO 27001 certified. TLS 1.3 in transit, AES-256 at rest. Strict least-privilege access controls, mandatory MFA for staff, full audit logging, and annual third-party penetration testing. Local models are signed and verified at startup.
13. Your rights
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Erase your account ("right to be forgotten").
- Export your data in a portable format.
- Restrict or object to processing.
- Withdraw consent at any time, where consent is the legal basis.
- Complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
Email privacy@speakrstream.com or use the in-app data controls. We respond within 30 days.
14. Children
Speakr is not intended for and is not marketed to anyone under 16. We do not knowingly collect data from children.
15. Automated decision-making
Speakr does not make decisions with legal or similarly significant effects about you using automated processing.
16. Changes to this policy
We will notify you by email and in-app at least 30 days before any material change. Continued use after the effective date constitutes acceptance.
17. Contact
Speakr Ltd, registered office in England and Wales.
Privacy: privacy@speakrstream.com
Data Protection Officer: dpo@speakrstream.com
Security disclosures: security@speakrstream.com