Privacy·Last updated 2026-05-14

The privacy architecture.

Voxa was built around a single bet: that a generation of European professionals will choose a dictation tool that does not route their voice through Silicon Valley. The promises below are not marketing language. They are invariants enforced in the code.

01.

The wedge.

European law firms, hospitals, research institutes, public agencies, and an awful lot of indie founders cannot legally send client audio to US-controlled AI providers. Most dictation tools force them to. Voxa does not. Inference happens in Frankfurt. Audio is discarded the moment a response returns. No transcripts are stored. No final text is retained.

02.

Subprocessors.

The complete list of third parties that touch any byte of your data. We will update this page in lockstep with any change.

Subprocessor Region Purpose Data touched
Mistral (Voxtral + chat) EU endpoints Audio transcription and text polishing Audio bytes (in-flight only), raw transcript (in-memory only)
Supabase eu-central-1 (Frankfurt) Authentication and user metadata Email, hashed password, OAuth tokens, user ID
Hetzner nbg1 (Nuremberg) API server hosting API server processes, metadata-only logs (no audio, no transcript, no final text)
Stripe EU + US (Data Processing Addendum in place) Subscription billing Billing identity, payment method (card data never touches our servers)
Cloudflare Pages Edge CDN Static website hosting (this site) Static HTML, CSS, JS only. No user data.

03.

The seven non-negotiables.

  1. 01

    Raw audio is never persisted server-side.

    Your microphone bytes stream straight into the Voxtral request body and are discarded the moment the response arrives. No buffering to disk, no copy in S3, no warm cache.

  2. 02

    Raw transcripts are never persisted server-side.

    The transcript exists for a few hundred milliseconds in memory while we run the cleanup pass, then it is dropped. We never write it to a database.

  3. 03

    Final polished text is never persisted server-side by default.

    Your client receives the polished text and pastes it where the cursor is. The server keeps no copy.

  4. 04

    Logs contain metadata only.

    We log user ID, organisation ID, latency, word count, model name, success or failure. Pino redaction strips any field that could leak content.

  5. 05

    All inference traffic stays in the EU.

    We call Mistral on EU endpoints. If Mistral ever exposes a US-only model, we will not use it. Period.

  6. 06

    No US AI subprocessors.

    No OpenAI, no Anthropic, no Google AI. The wedge is structural, not aspirational.

  7. 07

    Local history is opt-in and encrypted at rest.

    When you enable the dictation history, it lives on your machine only, encrypted with AES-256-GCM, key stored in your OS keychain. Lose the keychain entry and the history becomes unreadable.

04.

Local history.

Voxa can keep a local history of your dictations so you can copy or retry a past take. This is opt-in, off by default, and stored only on your machine. We encrypt the contents with AES-256-GCM using a key in your operating system keychain. The server side has no access and no copy.

Contact

Questions about how we handle your data.

Reach legal at legal@voxa.app .