Privacy & Redaction
VoxInk is designed with privacy at its core. Run everything locally, or use PII redaction when cloud processing is needed.
Overview
VoxInk is designed with privacy at its core. You can run everything 100% locally, and when cloud processing is needed, PII redaction ensures sensitive data never leaves your device.
Whether you work in healthcare, legal, finance, or any privacy-sensitive field, VoxInk gives you the tools to dictate confidently.
100% Local Option
VoxInk can operate entirely offline with zero data sent to any server:
- Local transcription (On This Mac) — speech recognition runs directly on your Mac
- Local text cleanup (On This Mac LLM) — connect to a local LLM server for AI processing
- No internet required — the entire pipeline stays on your machine
This makes VoxInk suitable for environments with strict data handling requirements, including healthcare and legal settings where data must not leave the premises.
PII Redaction
VoxInk can automatically detect and hide personal information (names, dates, phone numbers, etc.) before sending text to a cloud AI service for formatting. This detection runs entirely on your Mac — no internet needed.
How It Works
- You dictate text (e.g., "Patient John Smith, DOB 15 March 1985, presenting with lower back pain...")
- VoxInk scans the text locally and identifies personal information
- Personal details are replaced with placeholders (e.g., "Patient
[PERSON_1], DOB[DATE_1], presenting with lower back pain...") - The redacted text is sent to the cloud AI for formatting or cleanup
- The AI returns formatted text with placeholders intact
- VoxInk restores the original values locally before pasting
The cloud AI never sees actual names, dates, addresses, or other identifying information. It only processes the structure and medical/legal content of your dictation.
What Gets Redacted
- Names — people, organisations, business names
- Dates — dates of birth, appointment dates, incident dates
- Addresses and locations — street addresses, suburbs, postcodes
- Phone numbers — mobile, landline, international formats
- Email addresses
- ID numbers — Medicare numbers, insurance IDs, license numbers, ABNs
- Medical record numbers
- Other identifying information — any other personal details detected automatically
Enabling / Disabling Redaction
Redaction can be controlled globally or per template:
- Global toggle: Menu bar → Privacy → Redact Sensitive Data
- Per template: Each template has its own redaction toggle in the template editor, so you can enable redaction for clinical notes but disable it for internal emails
Plan Requirements
| Plan | PII Redaction |
|---|---|
| Free | Not available |
| Pro | Not available |
| Premium | Available |
| Student | Available |
| Educator | Not available |
Data Handling
Here's exactly what VoxInk stores, where, and for how long:
- Audio recordings — processed in memory only, never saved to disk. Once transcription is complete, the audio data is discarded.
- Transcribed text — stored only in the clipboard for pasting. Not written to any file or database.
- Settings file — stored locally on your Mac. Contains your preferences and access codes for cloud services.
- Access codes — stored locally in your settings file. Never sent to VoxInk servers. Only sent directly to the provider you chose (e.g., Deepgram, OpenAI) when you dictate.
- Audit log (optional) — a JSONL file that logs recording duration and word counts for your own records. It never logs the actual text content of your dictation.
HIPAA Considerations
VoxInk's local-only mode and PII redaction features are designed to support HIPAA-compliant workflows:
- Local transcription keeps all audio on-device — no audio is transmitted
- PII redaction removes identifiers before any cloud processing occurs
- No persistent patient data storage — text exists only in the clipboard temporarily
- Audit logging (optional) tracks usage metadata without recording content
- No VoxInk account required for local-only operation — no data shared with VoxInk servers