Privacy
Plainsong is built around local-first audio handling.
What is spoken stays on the desk it was spoken at.
Core recording, transcription, review, and export flows are designed to run on your desktop. Optional cloud or sync integrations should be configured intentionally by the person using the app.
The public site is hosted on Cloudflare Pages. See the subprocessor disclosure for the current hosting and infrastructure context.
The plain line
The practical privacy line is simple: keep sensitive audio, transcript review, and export decisions under the user's control by default. If a future hosted feature changes that boundary, it should be described before launch so users can tell what stays local and what leaves the device.
Why this matters
Meeting notes often contain names, decisions, health details, customer context, or internal plans. Plainsong pages should make those risks easy to reason about. The product direction favors local review first, clear export choices, and plain language around any future feature that stores, syncs, or processes transcripts outside the desktop app.
That matters because transcription tools can feel harmless while handling sensitive material. A rough transcript may still expose who was present, what was decided, what a customer said, or what follow-up was promised. The site language should keep that risk visible instead of hiding it behind broad productivity claims.
Auditable from the outside
The privacy model should also be easy to audit from the outside. Public pages should say when the app is local, when a visitor is only reading a Cloudflare-hosted site, and when a future hosted feature would need a new disclosure before it handles real audio or transcript data.
Do not place secrets, access tokens, or private credentials in exported transcripts. If a future hosted service is added, this page and the subprocessor disclosure should be updated before that service receives production traffic.
Questions
For privacy questions, use the Plainsong contact page.
Last updated