1. Local-first product behavior
VoiceSlate stores raw history, archives, screenshots, settings, and learning signals on the user’s own device by default. The product is intended to make local records visible and controllable instead of hiding them behind opaque cloud behavior.
2. Third-party providers
When a user chooses a speech-to-text provider, large language model provider, or other external AI service, the minimum content required for that action may be sent to that provider. Those requests are governed by the provider’s own terms and privacy policies.
Examples include transcription providers, LLM APIs, and optional hosted services used for polishing, translation, prompt generation, or quick answers.
3. API keys and user-supplied credentials
VoiceSlate supports bring-your-own-key workflows. User-supplied API keys are intended to remain tied to that user’s own client setup. They are not meant to be published or shared with other users. Product maintainers should not bundle personal API keys into public installers or releases.
4. Account and subscription data
If account sign-in or subscription features are enabled, basic account metadata and subscription status may be processed by the configured authentication or billing backend. For commercial deployments, operators should provide a clear data controller identity and update this policy with the exact backend location and operator details.
5. Analytics
By default, VoiceSlate does not require product telemetry to function. If website analytics or product analytics are later enabled, the operator should disclose the tool used, the scope of collection, and the retention policy.
6. User control
- Users can manage local history, archives, screenshots, and memory-related records.
- Users can choose their own providers and keys.
- Users can disable optional personalization features where supported.
7. Contact and operator update
This page is a current product-facing baseline policy for VoiceSlate. Before a full commercial launch, the operator should replace or extend it with the legal entity name, contact email, and jurisdiction-specific disclosures that apply to the deployed service.