Privacy

Privacy Policy

Effective April 28, 2026. This page explains what Shruvi collects, how audio and transcripts are handled, who we share data with, and the rights you have over your information.

Desktop dictation app Zero audio retention after transcription We never sell personal data
1. Overview

What this policy covers

Shruvi is a desktop dictation product: you hold a hotkey, speak, and Shruvi transcribes your speech and pastes the text into whatever app is in focus. To provide that service, Shruvi processes audio for transcription, stores account and device information, and may store transcript history when you are signed in.

This Privacy Policy applies to the Shruvi website (shruvi.com), the Shruvi desktop application, and related support interactions. It does not cover third-party websites or applications that you paste transcribed text into.

2. Who we are

Data controller and contact

"Shruvi," "we," "us," and "our" refer to the operator of the Shruvi service. For the purposes of the EU and UK GDPR, Shruvi is the data controller for personal data collected through the website and desktop application.

For any privacy question, data request, or complaint, contact [email protected]. For general product support, contact [email protected].

3. Information we collect

Data categories

Account data
Email address, authentication provider details, password hash (if you use email/password sign-in), display name, and basic account metadata.
Device data
Device name, operating system, app version, last seen timestamp, and authentication tokens used to keep your desktop app signed in.
Audio input
The audio you capture while holding the dictation hotkey. Audio is sent to transcription providers, converted into text, and discarded. Shruvi does not retain raw audio after a dictation session ends.
Transcript content
The text produced by transcription, and any cleanup edits applied to it. If you are signed in, transcript history may be stored on your account so it is available across your devices.
Usage and diagnostics
Feature usage counters, error reports, performance metrics, and anonymized crash logs used to keep the app reliable. We do our best to exclude transcript or audio content from diagnostic reports.
Support data
Messages you send to support, including your email address and anything you include in the request.
Website data
Infrastructure logs and CDN metadata needed to serve the site and downloads. The Shruvi website does not currently run ad-tech trackers or marketing cookies.
4. Audio and transcripts

How voice data is handled

When you dictate, Shruvi captures audio locally, streams it over an encrypted connection to the Shruvi backend, and forwards it to a transcription provider to produce text. The text is returned to your device and pasted into the app you are using.

Audio retention: Shruvi does not retain raw audio on its servers beyond the duration of the active transcription request. Audio is processed in-memory and discarded as soon as the transcript is returned. Audio is not used to train Shruvi's models and is not used to train the models of our transcription providers under the agreements we have with them.

Transcript retention: If you are signed in, transcript text may be stored on your account so history and sync work across your devices. You can delete individual transcripts, clear history, or request full account deletion at any time.

Important: you are responsible for what you choose to dictate. Do not dictate protected health information (PHI), other people's speech without their consent, or content that you are not authorized to transcribe. See the Terms of Service for full acceptable-use rules.

5. How we use data

Purpose of processing

  • To authenticate you and keep your desktop app signed in.
  • To transcribe speech, clean up formatting, and return the result to your device.
  • To show transcript history and sync data across your devices.
  • To operate security features such as device revocation, session invalidation, and stale-token cleanup.
  • To respond to support requests and diagnose service issues.
  • To monitor reliability, performance, and abuse of the service.
  • To comply with applicable legal obligations.

Shruvi does not sell personal information, does not share it for cross-context behavioral advertising, and does not use your audio or transcript content to train its own models.

6. Legal basis (EU / UK users)

Why we are allowed to process your data

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

  • Contract: processing needed to deliver the service you signed up for, including authentication, transcription, and sync.
  • Legitimate interests: keeping the service secure, preventing abuse, monitoring reliability, and improving the product in ways that do not override your rights.
  • Consent: where consent is required (for example, optional analytics or marketing communications), we ask for it and you can withdraw it at any time.
  • Legal obligation: where we must process data to comply with applicable law.
7. Service providers and sub-processors

Who processes data on our behalf

Shruvi relies on the following providers to deliver the service. Each receives only the data needed for its role and is bound by a data processing agreement or equivalent contract.

Groq
Speech-to-text transcription (default provider). Receives audio for the duration of a dictation request.
OpenAI
Transcription (alternative provider) and AI cleanup of transcript text. Receives audio and/or transcript content for the duration of a request.
Hetzner
Backend hosting in the EU. Stores account and transcript data at rest.
Cloudflare
Website delivery, DNS, and DDoS protection for shruvi.com and downloads.shruvi.com.
GitHub
Distribution of desktop release binaries as a mirror for downloads.
Sentry
Error monitoring and crash reporting for the desktop app and backend.
Better Stack
External uptime monitoring of the public dictation backend and the public service status page at status.shruvi.com. Receives only HTTP health-check responses — no user, audio, or transcript data.
Email provider
Transactional email for sign-in, account notifications, and support replies.

This list may change as the service evolves. Material changes to sub-processors will be reflected on this page.

8. International transfers

Where your data is processed

Shruvi's backend is hosted in the European Union. Some of our sub-processors are located in the United States or other jurisdictions. Where personal data is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms offered by the sub-processor.

9. Retention

How long data stays around

  • Raw audio: not retained beyond the duration of an active transcription request.
  • Account data: retained while your account is active and for a short period afterwards to handle recovery and legal obligations.
  • Transcript history: retained until you delete individual items, clear history, or delete your account.
  • Device sessions: automatically revoked after an extended period of inactivity, or when you sign out.
  • Support messages: retained as long as needed to handle and audit the request.
  • Diagnostic and error logs: retained for a limited window needed to investigate issues.

When data is no longer needed, we delete or anonymize it, subject to operational and legal requirements.

10. Your rights

Access, correction, deletion, and more

Depending on where you live, you may have the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to fix information that is inaccurate or incomplete.
  • Deletion — ask us to delete your account and personal data, subject to exceptions required by law.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection and restriction — object to, or ask us to limit, certain processing based on legitimate interests.
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing.
  • Lodge a complaint — with your local data protection authority if you believe we have handled your data unlawfully.

To exercise any of these rights, email [email protected]. We will respond within the timeframes required by applicable law.

11. California residents

Your CCPA / CPRA rights

If you are a California resident, you have the right to know what personal information we collect, to request deletion of your personal information, to correct inaccurate information, and to opt out of the "sale" or "sharing" of personal information as defined by California law.

Shruvi does not sell personal information and does not share it for cross-context behavioral advertising. We do not knowingly collect personal information from anyone under 16.

To exercise your California rights, contact [email protected]. You may designate an authorized agent to make a request on your behalf.

11a. Indian residents (DPDP Act)

Your rights under India's Digital Personal Data Protection Act

If you are located in India, the Digital Personal Data Protection Act, 2023 ("DPDP Act") gives you specific rights over your personal data. You have the right to:

  • Obtain a summary of the personal data we process about you and the processing activities involved.
  • Request correction, completion, updating, or erasure of your personal data.
  • Withdraw consent that you previously gave for processing.
  • Nominate another individual to exercise your rights in the event of your death or incapacity.
  • Lodge a grievance about how we handle your data.

To exercise any of these rights or raise a grievance under the DPDP Act, email [email protected]. We will respond within the timeframes required by Indian law. If you are not satisfied with our response, you may approach the Data Protection Board of India.

12. Children

Age requirements

Shruvi is not directed to children. You must be at least 13 years old (or 16 where required by local law) to use the service. If we learn that we have collected personal data from a child under the applicable minimum age, we will delete it.

13. Security

How we protect data

Shruvi uses HTTPS and secure WebSockets for all network traffic, authenticated device tokens, encrypted storage for account credentials, restricted backend access, and isolated production secrets. We monitor for unusual activity and regularly review our configuration.

No internet-connected system can guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify affected users and applicable regulators as required by law.

14. Changes to this policy

Updates

We may update this Privacy Policy as the service evolves. The "Effective" date at the top of this page reflects the most recent update. For material changes, we will provide additional notice (for example, in-app or by email) where appropriate.