Security

Last updated: March 17, 2026

Koe is built with a simple principle: your voice data is yours. This page explains how we protect it at every layer.

Three Privacy Modes

Koe operates in three distinct modes. Each has different security properties — and we're transparent about all of them.

Local Mode (zero network)

  • Audio is captured, transcribed, and discarded entirely on your Mac
  • No network requests are made — not even to check for updates during transcription
  • Transcription models (Whisper, Parakeet, Moonshine, SenseVoice) run via ONNX Runtime on your CPU/GPU
  • Audio buffers are released from memory immediately after transcription completes
  • We cannot access your data because it never leaves your device

BYOK Mode (bring your own keys)

  • Audio is sent directly from your Mac to your chosen provider (OpenAI, Mistral, etc.)
  • Koe never proxies, stores, or inspects your audio or API keys
  • API keys are stored locally in your macOS Keychain
  • The connection is between you and the provider — we are not in the path
  • We cannot access your data because we never see it

Pro Mode (Koe proxy)

  • Audio is sent through our proxy server to the transcription provider
  • The proxy forwards your audio in real time and does not store it
  • No audio files are written to disk on our servers
  • No transcription results are stored or logged
  • Server logs contain only metadata (timestamp, duration, model used) for billing
  • We handle your data only in transit, never at rest

What We Don't Do

  • No telemetry. Koe does not phone home, track usage, or collect analytics.
  • No audio storage. In any mode, audio is never written to disk by Koe (locally or on our servers).
  • No transcript storage. We don't store, index, or read your transcriptions.
  • No third-party SDKs. No analytics, crash reporting, or advertising SDKs are bundled.
  • No account required. The free tier (local + BYOK) works without creating an account.

Infrastructure

  • Desktop app: Built with Tauri (Rust + WebView), not Electron. Smaller attack surface (~10MB vs ~200MB).
  • Proxy server: Runs on hardened infrastructure. TLS 1.3 for all connections.
  • Payments: Handled entirely by Stripe. We never see or store your card number.
  • Updates: Signed and verified via Tauri's built-in updater. No unsigned code is executed.

API Keys (BYOK)

When you provide your own API keys:

  • Keys are stored in the macOS Keychain, encrypted at rest by the OS
  • Keys are never sent to Koe servers
  • Keys are only used for direct API calls to the provider you selected
  • You can revoke keys at any time from your provider's dashboard

Data Flow Diagrams

Local Mode

Microphone → Koe (on your Mac) → Transcription (on your Mac) → Clipboard
             No network involved

BYOK Mode

Microphone → Koe (on your Mac) → Provider API (OpenAI, Mistral, etc.) → Koe → Clipboard
             Direct connection, Koe servers not involved

Pro Mode

Microphone → Koe (on your Mac) → Koe Proxy → Provider API → Koe Proxy → Koe → Clipboard
             Audio forwarded in real time, never stored

Responsible Disclosure

If you find a security vulnerability, please email security@koe.fm. We take all reports seriously and will respond within 48 hours.

Questions?

Email us at hi+security@koe.fm — we're happy to answer any security questions.