Back to Mikey

Privacy Policy

Last updated: 18 May 2026

Mikey is a voice-dictation app for macOS and iOS. This page explains what we collect, what we do with it, and how to have it deleted. Plain English, no lawyer-speak.

What we collect

• Account info: your email address and (if you use password sign-in) a hashed password. If you sign in with Apple or Google, we get whatever the OAuth provider gives us — usually just email and a stable user ID.
• Audio: while you're dictating, audio from your microphone is sent over HTTPS to our backend, which forwards it to our speech-to-text provider. We do not retain audio after transcription. Our provider's own retention policy applies during transcription — see the list of current processors below.
• Transcripts: transcribed text is returned to your device and inserted into whichever app you're using. We do not store the text of your transcripts on our servers.
• Usage telemetry: for each dictation we record metadata — timestamp, audio duration in seconds, model used, whether the LLM rewrite ran, success/failure status (with any system error message), the length of the transcribed text (character count, not the content), processing latency in milliseconds, platform (macOS or iOS), and your user ID. We do not log the audio content or the transcript text itself. We use this to debug issues, track aggregate usage, and enforce the free-tier minute cap.
• Subscription state: if you subscribe, we receive the subscription status (active, cancelled, etc.), customer ID, and billing period dates from Lemon Squeezy. Payment details (card numbers) never reach us — Lemon Squeezy handles them as Merchant of Record.

What we don't collect

• Your keystrokes. The Mikey keyboard extension on iOS only inserts text via Apple's standard UITextDocumentProxy.insertText. It does not read, log, or transmit anything you type in other apps.
• The content of your dictations. Transcripts are transient — inserted into your current app and then gone from our systems.
• Your contacts, calendar, location, photos, or files. Mikey only asks for microphone permission and (on macOS) accessibility permission for the global keyboard shortcut.
• Advertising data. No ads, no tracking pixels, no third-party analytics that profile you.

Third parties

Mikey relies on these processors. They process data on our behalf and have their own privacy policies. The list may change as our infrastructure evolves; we'll update this page when it does, and we'll notify existing users by email if a change is material.

Current processors:

• Supabase — account authentication and database (where your email and subscription state are stored).
• Speech-to-text and language-model processing — a third-party provider converts your dictation audio to text and powers the AI rewrite features. Audio is sent to it transiently and not retained by us. We may change which provider we use as our infrastructure evolves.
• Cloudflare — hosts the backend Worker that proxies requests.
• Lemon Squeezy — handles subscription checkout, billing, and tax compliance as our Merchant of Record.

How long we keep it

• Account info: as long as your account exists. Deleting your account removes it.
• Audio: never retained after transcription completes (typically seconds).
• Transcripts: never stored on our servers.
• Telemetry events: kept while you have an active account. Deleted when you delete your account.
• Subscription records: kept for as long as legally required for tax and accounting purposes, even after account deletion.

Your rights

If you're in the EU/EEA, UK, or other jurisdictions with similar rights, you can:

• Access & port your data. Mikey for Mac has a one-tap export — Settings → Account → Download my data — that gives you a JSON file of everything we hold tied to your account (your account record, subscription, usage, custom shortcuts, and dictation telemetry).
• Correct inaccurate data.
• Delete your account and all associated personal data (except billing records we're legally required to retain).
• Object to or restrict processing.
• Withdraw consent at any time.

For anything the in-app export doesn't cover, email us using the address below and we'll handle it within 30 days.

Security

All data in transit uses HTTPS (TLS). Account passwords are hashed by Supabase using industry-standard algorithms; we never see your plaintext password. Sessions are stored in your device's Keychain. We don't implement any custom cryptography — Mikey relies on the encryption built into Apple's operating system and the HTTPS standards used by every service we connect to.

Children

Mikey is not directed at children under 13. We don't knowingly collect data from anyone under 13.

Changes

If this policy changes, we'll update the "Last updated" date at the top. Material changes will be communicated to existing users by email.

Legal basis (GDPR)

We process your data on the following legal bases:

• Contract: to provide the dictation service you signed up for.
• Legitimate interest: debugging, abuse prevention, and aggregate usage analysis.
• Consent: microphone access (granted via the OS prompt).
• Legal obligation: retaining billing records for tax purposes.