Legal

Privacy Policy

Effective: May 4, 2026. Last updated May 4, 2026.

The short version

VOOIS transcribes your voice on your Mac. The audio never leaves your machine, ever. The only things our servers ever see are your email address, the license key we issue you, and a hashed identifier of your Mac (so we can enforce the one-active-Mac rule). We don't run analytics, we don't set cookies on this site, and we don't share your data with anyone except the four processors needed to run the business. You can reach me at support@voois.app any time to request your data or have it deleted.

Who this applies to

This policy covers the VOOIS website at voois.app, the VOOIS macOS app, and the license-validation backend at api.voois.app. "We" / "us" refers to Lorenzo Decaria, the sole operator of VOOIS, based in Italy. "You" refers to anyone who uses any of the above.

What we collect

We try to collect as little as possible. Concretely:

Your email address — given when you join the waitlist or check out through Stripe. Used to send you the activation link, transactional emails about your license, and (for waitlist signups) one message at launch.
Your license key — generated by us when you complete a Stripe purchase. Stored alongside your email so we can validate the key when your app phones home.
Your Stripe customer ID — returned by Stripe when you check out. Used to look up your purchase if you request a refund or change of email.
A hashed device fingerprint — when your app calls our license endpoints, we store a SHA-256 hash of your Mac's platform UUID + primary built-in NIC's MAC address. We never see the raw values, only the hash. The hash lets us enforce one active Mac per license without learning anything else about your hardware.
IP address and browser/app user-agent — recorded on license events (/activate, /validate, /deactivate) for fraud prevention and basic audit logs. Kept for 12 months and then deleted.
Waitlist source page — if you join the waitlist, we record which page on our site the signup came from. Helps us know which pre-launch posts work. No tracking across sites.

What we don't collect

This part matters more than the previous one:

Your audio. Whisper runs on your Mac. The audio is decoded in memory and discarded as soon as the transcription is done. None of it is ever sent to us, and there's nothing we could store even if we wanted to.
Your transcribed text. Same reason. Once the text is injected into the field you're typing into, our app forgets it.
Usage telemetry. The app does not phone home with how many words you dictated, which apps you used VOOIS in, or how often you used it. The only outbound traffic from the app is the once-a-day license check (a few hundred bytes) and the initial Whisper model download.
Cookies on this marketing site. No analytics, no Google Tag Manager, no Facebook Pixel, no consent banner because there's nothing to consent to.
Account passwords. There are no accounts. Your license key is the entire credential.

How we use what we collect

Send you the one-click activation link after a Stripe purchase, and one launch-day message if you joined the waitlist.
Validate your license against the device hash on activation and on the periodic check-in (about once a day).
Investigate refund requests, fraud, or technical issues.
Comply with legal obligations (e.g. Italian tax law on sales records).

That's the complete list. We don't sell your data, we don't share it for advertising, and we don't profile you.

Who else sees your data

To run the business we use four sub-processors. Your email and a small amount of related data passes through their systems:

Stripe — processes the $49 payment. Stripe sees your email, payment details, and (if applicable) billing address. We never see your full card number — Stripe holds that. Stripe's privacy policy.
Resend — sends transactional email (the activation link, the waitlist confirmation). Resend sees your email and the message we send you. Resend's privacy policy.
Neon — hosts the Postgres database that stores license records and waitlist signups. Neon sees the data we store but never decrypts traffic in transit. Neon's privacy policy.
Vercel — hosts this website and the license-validation API. Vercel sees server logs (IP, user-agent, path) and serves the static landing pages. Vercel's privacy policy.

That's it. Four companies. We don't use any other third-party processor on the website, in the app, or in the email pipeline.

International transfers

Stripe, Resend, Neon, and Vercel are US-based companies. If you're in the European Economic Area, the United Kingdom, or Switzerland, your data is transferred to the United States when it touches one of those services. The transfers rely on the EU-U.S. Data Privacy Framework where applicable, and on Standard Contractual Clauses where it isn't. The data we transfer is minimal (email + license + Stripe ID + hashed fingerprint).

How long we keep it

License records — kept for the lifetime of your license, i.e. as long as you may want to activate VOOIS on a new Mac. You bought a one-time license; we have no reason to delete the proof you bought it.
Waitlist signups — kept until launch + 30 days, then deleted automatically. You can ask for earlier deletion by emailing us.
License-event logs (IP + UA on activate/validate) — kept for 12 months, then deleted.
Stripe purchase records — Stripe is a regulated payment processor and keeps records per its own retention rules. We can delete the email and license-key link on our side at your request, but Stripe retains the underlying transaction.

Your rights

If you're in the EEA, the UK, Switzerland, California, or another jurisdiction with similar laws, you have rights over the data we hold about you:

Access — ask us what we have on you and we'll send it.
Correction — fix anything that's wrong (typically: your email address).
Deletion — delete your data. If you delete your license record, the license stops working — we can't validate a license we don't remember issuing.
Portability — get your data in a structured, machine-readable format (JSON).
Objection / restriction — object to specific uses, or ask us to pause processing.

To exercise any of these, email support@voois.app. We respond within 30 days. We don't charge for these requests.

You also have the right to lodge a complaint with a supervisory authority — for Italian users, the Garante per la protezione dei dati personali; for other EU users, the authority in your country.

Children

VOOIS is not directed at children under 16, and we don't knowingly collect data from anyone under 16. If you believe a child has given us their email, write to support@voois.app and we'll delete it.

Security

License-validation responses from our server are signed with HMAC-SHA256, so even our own cached responses on your Mac can't be forged or extended. Our database is hosted by Neon with encryption at rest and TLS in transit. Stripe handles all payment-card data; we never see it. The website serves over HTTPS only.

Changes to this policy

We'll post any changes here with a new "Last updated" date. If a change is material — say, a new sub-processor, or a meaningfully expanded category of collected data — we'll also email everyone with a license. Continued use of VOOIS after a change means you accept it.

Contact

VOOIS is operated by Lorenzo Decaria as an individual developer, based in Italy. For privacy questions, data requests, or anything else: support@voois.app.