Which Transcription Apps Send Your Audio to the Cloud? We Read All Their Privacy Policies

When you transcribe something, the audio is rarely just audio. It is a sales call, a doctor's appointment, a journalist's source interview, a legal deposition, or a private conversation. Where that recording is processed — on your own device, or on a company's servers — decides who else can technically access it, whether it can be used to train AI, and how long it sticks around.

Most privacy comparisons get lost in features: encryption standards, SOC 2 badges, "we don't sell your data" pledges. Those matter, but they are downstream of a single decision every transcription app makes before any of them apply — whether your audio leaves your device at all.

The privacy of a transcription app is set by one architectural choice — does your audio leave the device? Everything else is a footnote to that answer.

So that is the question we answer here, app by app. We read the published privacy policies, security pages, and Apple App Store privacy labels for the most popular transcription apps so you can see — before you choose one — exactly where your audio goes and what each company says it does with it. Every claim below traces to that company's own public disclosure, cited inline; where a company does not disclose something, we say so rather than guess.

On-device
Your device Stays here

No account. Nothing uploaded. No company server to subpoena.

Cloud
Your device Company servers
Stored May train AI Retained per policy
Where your audio goes. On-device apps keep the recording local; cloud apps process it on their servers, where each company's own policy governs storage, training, and retention.

What changes the moment audio leaves your device

Once a recording is uploaded, three things become true that were not true while it sat on your phone. They are the lens for everything that follows.

Access

More parties can reach the file than you can name — staff, sub-processors, the infrastructure provider, anyone with a warrant. A local recording hands a copy to none of them.

Training

Your words can become training data for someone's model — sometimes by default, sometimes behind an opt-out you have to go find.

Retention

The recording persists on the company's timeline, under a policy it can change, rather than disappearing when you are done.

None of this makes the cloud the wrong choice. Cloud tools exist for real reasons: shared workspaces and team collaboration, integrations with Zoom, Meet, and a CRM, larger server-side models that can lift accuracy and speaker labelling, and freedom from your device's compute, battery, and storage limits. On-device trades some of that away. This piece is deliberately narrower than that whole decision — it maps the one thing the marketing rarely makes plain: where your audio physically goes, and what each company says happens to it once there.

The comparison at a glance

Plotting the apps on two axes — where they transcribe and how much they do with the data around your recording — sorts them into four corners. The most telling one is empty.

On-device · keeps data to itself

Utterly Aiko MacWhisper

Cloud · more restrained

Fireflies Trint Sonix Descript

On-device · uses data more

Empty for audio — keeping the recording local takes it off this axis.

Cloud · uses data more

Rev Otter HappyScribe Notta
Left to right: where your audio is processed. Top to bottom: how much each app trains on, retains, or tracks around your recording, by its own disclosures. Nothing sits bottom-left — once the audio stays on the device, there is little left to exploit in the recording itself.

And in detail, where each app sits on those three questions, by its own account. The last column is the part to read first.

AppWhere it transcribesAccountTrains on your audioRed flags
Otter.ai Cloud Required Default de-identified; manual review opt-in Trains by default Tracks you Policy can change
Rev Cloud Required Opt-out own ASR only; not external LLMs Opt-out to stop training Policy can change
Descript Cloud Required Off by default opt-in sharing No public privacy label Policy can change
Notta Cloud Required Not specified broad "improve our Service" right Policy silent on training Tracks you Policy can change
Fireflies Cloud Required No vendors barred from training Policy can change
HappyScribe Cloud Required Default with opt-out Trains by default Policy can change
Trint Cloud Required No per its security page No-train promise not in policy Policy can change
Sonix Cloud Required No No public privacy label Policy can change
Aiko On-device None No None noted
MacWhisper On-device cloud opt-in None Not disclosed None noted
Utterly On-device None No None noted

Why "we don't train on your data" is the wrong question

Several cloud apps here make a genuine, on-the-record promise not to train on your recordings. Take them at their word. The issue is what kind of promise it is.

A cloud guarantee is conditional and mutable. It can depend on a setting you have to locate and switch off — an opt-out, not an opt-in. It can live in a security page's marketing copy rather than the binding privacy policy. And it is only ever as durable as the next policy update, the next acquisition, or the next breach, none of which you control. The audio is already on the server; you are trusting a sentence to keep it safe.

On-device is a different kind of answer. There is no server to re-permission, subpoena, or breach, because the recording never left in the first place. The guarantee is structural rather than promissory — it holds not because a company pledges it, but because the architecture makes the alternative impossible. That is what is worth optimizing for: not whether a given cloud app trains on your audio today, but whether anything could change that without your say.

With that lens, here is what each company actually discloses.

The cloud apps, in their own words

These break into three rough camps. Some use your recordings to improve their own models by default and leave you to opt out. Some train only if you opt in — or say they do not train on your audio at all. And one barely addresses the question while wiring the data around your recordings into ad networks. Read each through the same lens: access, training, retention.

Otter.ai

Cloud · trains by default · account required.

Otter transcribes in the cloud: it uploads audio to AWS infrastructure in the US and processes it there, and neither its policy nor its security page advertises on-device transcription (per Otter's privacy policy and Privacy & Security page). Otter says it trains its own AI on de-identified audio and transcriptions as a general practice, with no opt-out described for that de-identified training, while manual human review of a specific recording requires explicit, opt-in consent (per Otter's privacy policy and Privacy & Security page). It also states it does not sell personal information and that customer data is not used to train its AI service providers' models (per Otter's Privacy & Security page). Its App Store label lists Audio Data, under User Content, as Linked to You (per Otter's App Store listing, id1276437113).

Rev

Cloud · trains its own ASR unless you opt out.

Rev is a cloud service combining AI and human transcription, with audio stored on AWS/S3 and no on-device mode disclosed (per Rev's privacy and security pages). Rev distinguishes its own speech-recognition models from external ones: it says it may use customer data to improve its own ASR technology but lets you opt out at any time, and it states it never trains external LLMs on your data and does not sell customer data (per Rev's security page and security-commitment blog). Human transcriptionists who may access content sign NDAs and are identity-verified (per Rev's security page). Its App Store label lists Audio Data as Linked to You and no category as Used to Track You (per Rev's App Store listing, id598332111).

Descript

Cloud · won't train unless you opt in.

Descript uploads and stores audio and video on its cloud (Amazon S3 / Google Cloud) and transcribes server-side, either via the Rev cloud service or a self-hosted Whisper model, with no local-only mode disclosed (per Descript's security page). On training, its privacy policy frames a "Share Data with Descript" setting you can disable, and its security and help pages describe that control as disabled by default, so user content is not used to improve the service unless you enable sharing (per Descript's privacy policy and security page). We could not locate a verified first-party Descript iOS App Store listing with an Apple privacy label, so its audio-data label is recorded as not found rather than guessed.

Notta

Cloud · training unspecified · heavy ad-tracking.

Notta transcribes in the cloud, hosting all software on AWS with data stored in a Tokyo data center, encrypting it in transit (TLS 1.2) and at rest (AES-256), and it says files are transcribed by machines and never seen by a human (per Notta's security page and help center). An account is required — you provide a name, email, and password to use the service (per Notta's privacy policy). On training, Notta's policy is conspicuously non-specific. It reserves a broad right to "analyze and improve our Services," but no clause anywhere states whether your recordings are used to train its AI models. The only explicit AI-training statement is a carve-out — that Google Workspace API data is not used to train generalized models (per Notta's privacy policy). It states no general retention period for recordings, though trashed files are permanently deleted after 30 days and Enterprise workspaces can configure auto-deletion (per Notta's Security & Privacy help article). The notable part sits around the recordings rather than in them. Notta's privacy policy and cookie disclosures describe sharing with advertising partners — Facebook among them — and extensive ad and analytics tracking, and its App Store label lists Identifiers as Used to Track You. That is a more commercially wired posture than any other app here, even though Notta does not say it sells the recordings themselves (per Notta's privacy policy and App Store listing, id1480649572).

Fireflies

Cloud · says it doesn't train · 30-day deletion.

Fireflies is a cloud meeting notetaker: it states meeting audio, video, transcripts, and summaries are stored and processed in its secure cloud infrastructure in the US (AWS and GCP), with no on-device transcription claimed (per Fireflies' privacy policy and data-storage knowledge base). It says its vendors are contractually prohibited from using customer data to train their own AI models and that meeting content is not retained by those vendors after processing, and it deletes account-related personal information within 30 days of account closure (per Fireflies' privacy policy and security page). Its App Store label lists Audio Data as Linked to You (per Fireflies' App Store listing, id6463164203).

HappyScribe

Cloud · trains by default · opt-out available.

HappyScribe runs entirely in the cloud on AWS and Heroku and does not claim on-device processing (per HappyScribe's security page). Its privacy policy describes storing content to train machine-learning algorithms as a default capability with personal data anonymised, and its terms grant a broad license to train ASR/AI models while describing an opt-out via account settings or support — so content is used unless you opt out (per HappyScribe's privacy policy and terms). Its App Store label lists Audio Data as Linked to You and no category as Used to Track You (per HappyScribe's App Store listing, id6747448962).

Trint

Cloud · says it doesn't train (in security copy).

Trint is a cloud service that processes and stores uploaded audio and video on AWS, in either an EU or US tenant depending on your chosen data residency, with no on-device mode disclosed (per Trint's security page).

Trint's App Store label lists Audio Data as Linked to You and no category as Used to Track You (per Trint's App Store listing, id1580354617).

Sonix

Cloud · says it doesn't train.

Sonix is a web-based platform that uploads and processes audio on its servers, with encryption at rest and possible transfer outside the EEA/UK, and no on-device processing advertised (per Sonix's security page and privacy policy). It states consistently, on both its help center and security page, that it does not use customer data for training (per Sonix's "Does Sonix train data" help article and security page). We could not locate a first-party Sonix iOS App Store listing, so its audio-data label is recorded as not found rather than attributed to a similarly named third-party app.

The on-device alternatives

A few apps keep the audio on your machine. With these, there is no server to upload to in the default path, so the cloud-policy questions above mostly fall away. On-device is not risk-free — a phone can be lost, seized, or backed up to iCloud, and any opt-in cloud feature reopens every cloud question — but it removes the specific server-side exposures: a standing copy on someone else's infrastructure, the training pipeline, the breach, the third-party subpoena.

Aiko carries an App Store privacy label of "Data Not Collected" — no data categories at all — and the developer states transcription runs locally using OpenAI's Whisper model, with nothing leaving the device; the macOS build ships without a network entitlement (per Aiko's App Store listing, id1672085276, and the developer's product page). No account is mentioned, and recordings stay in a local folder with an optional 7-day auto-delete.

MacWhisper (listed as "Whisper Transcription") transcribes on-device by default using downloaded models, and its policy states no audio, text, or other data leaves your device in that mode (per MacWhisper's privacy policy and support docs). It also offers optional, user-selected cloud providers (such as Groq, ElevenLabs, or Deepgram) that send audio to a third party only if you choose them; those providers' own terms govern that data. MacWhisper does not disclose whether it trains on user content — though its default local mode has no uploaded audio to train on, so the question only reattaches if you turn on a cloud provider (per MacWhisper's support docs). Its App Store label lists only Usage Data, Not Linked to You, and no Audio Data (per MacWhisper's App Store listing, id1668083311).

Utterly — published by this site — performs 100% on-device transcription on iPhone, iPad, and Mac: no account, no upload, nothing leaving the device, and nothing used for training (per Utterly's privacy policy and App Store listing, id6757885218). It supports 25 European languages and offers a $49.99 lifetime option. We list it as one of the on-device choices alongside Aiko and MacWhisper, not as the only good one — the honest takeaway is that on-device apps keep your audio local, while cloud apps process it on their servers under their own policies.

The shortcut. If a recording would be a problem in someone else's hands, choose an app where it never reaches them. On-device tools — Aiko, MacWhisper, Utterly — make that the default rather than a setting. Among cloud tools, prefer ones whose no-training promise lives in the binding privacy policy and whose retention is short and explicitly stated. Just be clear-eyed that you are choosing a promise, not an architecture. The question to ask before you pick a transcription app is not how a company promises to behave — it is whether your audio is ever somewhere that promise has to hold.

How we did this

We compiled this on 15 June 2026 from each company's public App Store privacy labels and published privacy policies, security pages, and help-center articles. App Store privacy labels are self-reported by developers and carry Apple's standard note that the information has not been verified by Apple. We could not find verified first-party iOS App Store privacy labels for Descript or Sonix, so those are recorded as not found rather than attributed to similarly named third-party apps. Notta's "trains on your audio" cell reads "not specified" because its privacy policy reserves a broad right to improve the service but contains no clause addressing whether recordings train its AI models. Companies can and do change these policies, so treat this as a snapshot and check the primary sources yourself: Otter, Rev, Descript, Notta, Fireflies, HappyScribe, Trint, Sonix, Aiko, MacWhisper, and Utterly.

Try Utterly — Private AI Transcription

25 European languages, 100% on-device, no account required. Free on iPhone, iPad, and Mac.

Download Free