Security · Network disclosure
Every network connection the app can make.
Below is every outbound connection, what it sends, and how to switch it off. You can confirm the local-first claim yourself with the in-app network log or a packet capture.
Last verified against v0.6.20 · 2026-06-10
The core promise
Meeting audio, transcripts, summaries, and voiceprints never leave the device. Transcription, speaker diarization, voice matching, and AI summarization all run locally. The table below is the complete list of network traffic the app can generate.
Applies to v0.6.20 and later. In earlier versions (≤ 0.6.19) the network audit log does not yet record licence and referral calls and Hard Offline Mode does not block them; the strict webview CSP and the “Your data” panel also arrive in v0.6.20.
Connections
| # | Purpose | Destination | When | What is sent | Off switch |
|---|---|---|---|---|---|
| 1 | Auto-update check + download | GitHub Releases (public release repo) | App start / manual “Check for updates” | HTTP GET only; no user data. Standard HTTP metadata (IP, user agent) reaches GitHub. Updates are ed25519-signature-verified before install. | Hard Offline Mode pauses it; per-brand auto-update flag |
| 2 | AI model download | GitHub (public model repo) | First-run wizard, model change, repair — always user-initiated | HTTP GET of model files; no user data | Don't run downloads; offline mode blocks |
| 3 | Licence activation / daily heartbeat / deactivation | Licence API (localtranscript.com) | Only when a licence key is stored. Domain-activated (corporate) and free installs send nothing | Licence key, machine fingerprint (SHA-256 of hardware IDs — no serial numbers in clear), hostname hint, OS, app version, account email | Don't activate online (offline token paste exists); Hard Offline Mode blocks (90-day grace period applies) |
| 4 | Referral program | Referral API (localtranscript.com) | Only after the user explicitly joins the referral program | Email, referral code, machine fingerprint, marketing-consent bit | Don't join; Hard Offline Mode blocks |
| 5 | Crash + performance telemetry | Sentry, EU region (*.ingest.de.sentry.io) | Opt-in, default OFF. Only in builds compiled with a DSN, only after the user consents (setup wizard or Settings) | Scrubbed crash reports + timing spans: app version, hardware tier, error stacks with usernames redacted on-device. Never audio, transcripts, names, or file contents | Default is off; Settings toggle; Hard Offline Mode overrides to off |
| 6 | Cloud transcription / cloud AI (optional providers) | OpenAI, Anthropic, or Infomaniak (Switzerland) — user's choice | Only when the user explicitly configures a cloud provider with their own API key. Local is the default | Meeting audio (cloud transcription) or transcript text (cloud AI actions) — to the provider the user chose, under the user's own account | Never configure a provider; “local” is the default; Hard Offline Mode blocks |
| 7 | Calendar fetch (iCal) | The user's own calendar URL | Only when the user configures a calendar URL | HTTP GET of the iCal feed | Don't configure; offline mode blocks (LAN URLs still allowed) |
What never has a network path
Your meetings database, audio clips, and voiceprints stay in the app’s local data folder. Protected by your Windows account — we recommend BitLocker.
For IT & data protection officers
In the default configuration, meeting content is processed on-device only — no cloud processor to assess for FADP/GDPR purposes. Speaker recognition is local-only biometrics. Hard Offline Mode and the exportable audit log serve as the procurement demo.
White-label builds and managed installs (MSI for SCCM / Intune / Group Policy) are available, including pre-baked defaults. Questions, DPIA support, or a pilot: hello@localtranscript.com.
Free forever