Scribe0 (“the app”) is provided by Linus Asaabey (“we”, “us”, “our”). This policy explains what the app does with your data. It is written to align with the Australian Privacy Principles (APP) under the Privacy Act 1988 (Cth).
Scribe0 is a dictation and documentation aid for clinicians. It transcribes speech to text on your device and can optionally rewrite that text using an AI model. It is not a medical device and does not provide diagnosis or treatment advice.
The short version
- Your audio never leaves your device. Speech-to-text runs entirely on-device on the Apple Neural Engine. We never receive, store, or transmit your recordings.
- We do not run accounts, analytics, advertising, or tracking. There is no login, and we do not collect usage data, device identifiers, or location.
- Transcripts are stored only on your device, encrypted at rest.
- Text leaves your device only if you choose a cloud AI prompt — and only the transcript text and your prompt, never the audio. This is off by default and requires a per-prompt confirmation each time until you accept it.
What data the app handles
Audio recordings
Captured from your microphone solely to produce a transcript. Transcription is performed on-device; audio is held in memory only for the duration of processing and is then discarded. Audio is never written to long-term storage and is never transmitted off the device.
Transcripts and related notes
The text the app produces, plus any AI-enhanced version, is stored locally on
your device using Apple’s on-device database (SwiftData). This text can contain
personal and health information (for example, patient names, identifiers, and
clinical details). It is protected at rest by iOS file-level encryption
(NSFileProtectionComplete) and, optionally, a biometric (Face ID / Touch ID)
app lock you can enable in Settings. We do not have access to this data.
AI enhancement (optional)
You may apply an AI “Enhance” step to a transcript. There are two kinds of prompt:
-
On-device prompts (Apple Foundation Models, on supported hardware) process your text entirely on the device. Nothing is transmitted.
-
Cloud prompts send your transcript text and the prompt over an encrypted (HTTPS/TLS) connection to a third-party AI service to generate the enhanced text. No audio is ever sent. Cloud prompts are opt-in: the first time you use one you must accept an explicit disclosure, and the app marks which prompts are cloud-based.
Important: transcript text sent to a cloud prompt is not redacted before sending. Do not use cloud prompts for content you would not be permitted to send to a third-party AI service under your own obligations.
API keys
If you use a cloud prompt, you supply your own API key (OpenRouter or AWS Bedrock). Keys are stored in the iOS Keychain on your device and are sent only to the corresponding service to authenticate your requests. We never receive your keys.
Third parties (sub-processors)
We do not collect your data ourselves. When — and only when — you run a cloud prompt, your transcript text is processed by the service you have configured:
| Service | Role | Data residency |
|---|---|---|
| Amazon Web Services (Bedrock, Australia) | Runs the AI model on the sovereign endpoint | Australian AWS regions only (Sydney / ap-southeast-2, au.* inference profiles) |
| OpenRouter | Routes the request to a model provider (AWS Bedrock or Anthropic) | No regional guarantee — may be processed outside Australia |
| Anthropic | Provides the AI model when routed via OpenRouter | Region depends on routing; not guaranteed to be in Australia |
Each service processes the text only to return the enhanced result, under its own terms and privacy policy. If data residency matters to you (for example, to keep data in Australia), use the AWS Bedrock (AU) backend rather than the OpenRouter path.
What we do not collect
We do not collect or transmit: your audio, your identity or account details (there are none), device identifiers, advertising identifiers, location, contacts, browsing or search history, or analytics/usage data. We do not use your data for tracking, advertising, or training AI models. The app contains no third-party analytics or advertising SDKs.
How long data is kept
Transcripts remain on your device until you delete them (in the app’s History) or uninstall the app. Uninstalling removes all local app data. We hold no copy of your data, so there is nothing for us to retain or delete on a server. Data sent to a cloud prompt is handled per that provider’s retention policy.
Security
- On-device transcription, so audio never traverses the network.
- Local data encrypted at rest with iOS file protection.
- Optional Face ID / Touch ID app lock.
- API keys stored in the iOS Keychain.
- All network requests use HTTPS/TLS.
Children
Scribe0 is intended for use by healthcare professionals and is not directed at children.
Your rights
Because all personal data the app handles is stored locally on your device, you control it directly: you can view, export (share), or delete transcripts within the app at any time. If you have questions about this policy or how your data is handled, contact us at the address below.
Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected by the “Last updated” date above and published at this URL.
Contact
Linus Asaabey Email: privacy@scribe0.com