Privacy
bluemacaw is a desktop app. Your audio and your API keys never touch a bluemacaw server because we don't run one.
API keys
Your provider API keys are stored in your OS's native credential storage:
- macOS: Keychain Services (per-app ACL, hardware-backed on Apple Silicon)
- Windows: Credential Manager / DPAPI (per-user, encrypted at rest with your login credentials)
- Linux: Secret Service via gnome-keyring or KWallet (per-user, encrypted at rest)
Keys are fetched only at the moment of transcription, held in memory for the duration of one HTTP request, and never written to disk outside the OS credential store. Keys are never logged, never sent to bluemacaw's servers (we don't have any), and the source code path that handles them is open: packages/desktop/src-tauri/src/secrets/.
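The fetch-use-discard lifecycle described above can be sketched in Rust as follows. This is an added example, not code from bluemacaw's `secrets/` module: `CredentialStore`, `ApiKey`, `with_api_key` and `MockStore` are hypothetical names, and the key value is constructed for the demo.

```rust
use std::fmt;

/// Hypothetical stand-in for the OS credential store (Keychain, Credential Manager, Secret Service).
trait CredentialStore { fn fetch(&self, provider: &str) -> Option<Vec<u8>>; }

/// Key bytes held for one request: redacted when logged, zeroed when dropped.
struct ApiKey(Vec<u8>);
impl ApiKey {
    fn expose(&self) -> &[u8] { &self.0 }
    fn wipe(&mut self) {
        for b in self.0.iter_mut() {
            // Volatile write so the zeroing is not optimized away as a dead store.
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}
impl fmt::Debug for ApiKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ApiKey(<redacted, {} bytes>)", self.0.len())
    }
}
impl Drop for ApiKey { fn drop(&mut self) { self.wipe(); } }

/// Fetch the key, lend it to exactly one request closure, then drop it.
/// The closure's return type cannot borrow from the key, so no reference escapes.
fn with_api_key<S: CredentialStore, T>(
    store: &S, provider: &str, request: impl FnOnce(&ApiKey) -> T,
) -> Option<T> {
    let key = ApiKey(store.fetch(provider)?);
    Some(request(&key)) // `key` is dropped (and wiped) when this function returns
}

/// Constructed in-memory store with a made-up key, for the demo only.
struct MockStore;
impl CredentialStore for MockStore {
    fn fetch(&self, provider: &str) -> Option<Vec<u8>> {
        (provider == "example-stt").then(|| b"sk-constructed-demo-key".to_vec())
    }
}

/// Simulates one request: returns the auth header length and the line that would be logged.
fn demo() -> Option<(usize, String)> {
    with_api_key(&MockStore, "example-stt", |key| {
        let header = format!("Bearer {}", String::from_utf8_lossy(key.expose()));
        // `header` is an unwiped copy of the key; a real client needs the same care there.
        (header.len(), format!("sending request with {:?}", key))
    })
}

fn main() {
    println!("{:?}", demo());
}
```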
Audio
Audio is captured by cpal directly from your microphone, sent only to the STT provider you chose, and never persisted by bluemacaw.
History
Transcribed text is stored locally in a SQLite database in your app data directory. Default retention is a rolling 1-year window; you can change this or disable history entirely in settings.
Telemetry
Zero telemetry. No analytics SDK installed, no error reporting, no usage tracking. If we ever add any of these, it will be opt-in with a settings toggle that defaults off.
Threat model
Any process running as your user account can ask the OS keychain for secrets it knows about — this is a platform-level limitation on Windows and Linux, not specific to bluemacaw. macOS Keychain provides stronger per-app isolation. If you require stronger isolation on Windows or Linux, consider running bluemacaw under a dedicated user account.
bluemacaw is open source under Apache 2.0. If you want to verify any of the above, the code is at github.com/programow/vox-era.