v2.3.1

Security & Compliance

A technical deep-dive into how CosmoWhisper protects your data, ensures privacy, and maintains global compliance standards.

Encryption & Data Transit

All data processed by CosmoWhisper is protected by industry-standard encryption protocols both at rest and in transit.

  • TLS 1.3 Encryption: All audio data sent to transcription providers is encrypted using Transport Layer Security (TLS) 1.3, ensuring protection against man-in-the-middle attacks.
  • Local Storage: Temporary audio caches are stored in the user's application data folder on Windows and are purged immediately after successful transcription or upon application exit.

Zero Data Retention (ZDR)

The cornerstone of our privacy model is our integration with AI providers specifically configured for professional and clinical use.

No Data Training: CosmoWhisper utilizes API endpoints that explicitly prohibit the use of customer data for training Large Language Models. Your voice and text remain your property.

By leveraging ZDR headers, we programmatically ensure that transcription providers delete audio data immediately after processing, leaving no digital footprint.

GDPR Compliance

CosmoWhisper adheres to the General Data Protection Regulation (GDPR) through its Privacy-by-Design approach.

Data Minimization

We do not collect names, emails, or biometric identifiers. The app functions without personal identification.

Right to Erasure

Since all data is local, users have absolute control. Deleting the application folder removes all associated data permanently.

HIPAA Readiness

For medical professionals, CosmoWhisper provides the technical safeguards required for HIPAA-compliant workflows.

  • Encrypted data transit via TLS 1.3
  • Configurable local LLM support for air-gapped environments
  • No persistent storage of Protected Health Information (PHI) on third-party servers