talat
Buy talat
Policy

Privacy policy

Last updated: 14 May 2026

talat is a meeting transcription app that runs entirely on your device. This policy explains what data we collect and what we do with it.

The app

All audio recording, transcription, speaker identification, and summarisation (by default - see next section for more on this point) happens locally on your device using on-device models. None of this data is sent to us or to any third party. We have no servers that receive, process, or store your meeting content. We can't see your recordings, transcripts, speakers, or notes.

talat does not include any analytics, telemetry, or usage tracking. We don't know how often you use the app, which features you use, what you click on, or how many meetings you record.

Cloud LLM providers

You can choose to use a cloud-based LLM for better summarisation on longer meetings instead of an on-device model. You choose the provider, you supply your own API key, and you send data to them directly. We're not involved in that relationship: we don't proxy requests, don't see your API keys, and don't receive any data from those providers.

When you use a cloud provider, their privacy policy governs how they handle your data. Make sure you're comfortable with it.

Google account integration

talat can optionally connect to a Google account so your upcoming meetings appear inside the app. This integration is opt-in: nothing is read from Google unless you explicitly connect an account from Settings.

When you connect a Google account, talat requests two narrowly-scoped, read-only permissions from Google:

  • https://www.googleapis.com/auth/calendar.calendarlist.readonly - to list the calendars on your account, so you can choose which ones to use with talat.
  • https://www.googleapis.com/auth/calendar.events.readonly - to read upcoming events from the calendars you’ve chosen.

talat also requests the standard openid and email scopes so your connected account can be labelled in Settings with your email address. All four scopes are read-only: talat cannot write to your calendar, create or modify events, or access other Google data.

talat’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The next section spells out what that means in practice.

How your Google data is protected

Because everything stays on your device, the protection picture is unusually simple. We use the following measures to safeguard data obtained via Google’s APIs:

  • Encrypted in transit. Calendar data is fetched from Google over HTTPS (TLS), the encrypted transport required by Google’s APIs. Your operating system handles the connection; nothing of ours sits in between.
  • OAuth tokens encrypted at rest. Your Google sign-in is stored in your operating system’s secure credential store (macOS Keychain on macOS, Credential Manager on Windows), which encrypts credentials at rest using keys tied to your user account. Tokens are never stored in plain files on disk.
  • Calendar data scoped to your user account on disk. The calendar data talat caches locally is held in talat’s application data folder, which your operating system protects with per-user file permissions. If you have full-disk encryption enabled (FileVault on macOS or BitLocker on Windows, both on by default on modern installs), the cache is encrypted at rest along with everything else on the disk.
  • Limited use. We have no servers that receive your calendar data; Google is the only network party involved. We never share your calendar data with other third parties, use it for advertising, or use it to train AI or ML models.
  • Revocable at any time. Disconnecting from Settings revokes talat’s access on Google’s side and deletes the locally-cached calendar data from your device.

Licence validation

If you purchase a licence, the app periodically checks that it has not been refunded or revoked. We need this to protect our business. The licence identifier is totally opaque: it includes no device fingerprinting, no usage data, no tracking data. If you're not online when this check happens (e.g. you're having an air-gapped meeting), talat will retry another time.

The website

This website uses PostHog for basic analytics — how many people visit, how many download the app, and which channels lead people to us. PostHog stores an anonymous identifier in your browser’s local storage (not a cookie). If you arrive via a campaign or a directory listing, we note where you came from. We don’t track across devices, share this data, or build advertising profiles.

We use PromoteKit for our affiliate programme. If you arrive at this site via an affiliate link, PromoteKit sets a cookie (lasting 60 days) so the affiliate can be credited if you purchase talat. The cookie contains no personal information — just a referral identifier.

We use Google Ads conversion tracking to help us optimise our marketing. The Google tag is loaded only when a conversion is about to fire — when you click a download button, or when you land on the payment confirmation page — and sets a single conversion-linker cookie (_gcl_au) so the conversion can be attributed back to the original ad click. We do not enable Enhanced Conversions (so no email or other personal information is sent to Google), and we do not use Google Ads for remarketing or cross-site tracking.

Purchases

Payments are processed by Stripe. When you buy talat, Stripe collects your email address (they require it) and billing address. We receive your email so we can send you a licence key. We don't sell, share, or do anything with your email address. We never see or store your payment details.

Data we store

If you buy talat, we store your email address and opaque licence identifier.

Third-party services

Changes to this policy

If we change this policy, we'll update this page. We won't make changes that weaken your privacy without making them obvious.

Contact

If you have questions about this policy or how talat handles your data, email us at hello@talat.app, or DM us on Bluesky or X.