Privacy

We don't have your audio. We don't want it. We never will.

We built kiromi specifically so the conversations you can't risk leaking don't get to leak. Below is what that means in practice — and how to verify it yourself.

Privacy by design

Built for conversations you can't risk leaking.

Voice prints are biometric data, and we treat them that way: encrypted at rest in the macOS keychain, local by default, deletable in one click, with a signed consent receipt for every recording.

  • Audio + transcripts stay on your Mac
  • One-click delete with a signed receipt
  • Voice prints encrypted in the keychain
  • AI queries via Cloudflare AI Gateway

Six commitments.

  1. 01

    Your audio stays on your Mac.

    Recordings, transcripts, and voice profiles are written to your local SwiftData store. They are not synced to any kiromi server. They never leave your machine unless you explicitly turn on cloud features.

  2. 02

    Voice prints are encrypted at rest.

    Voice embeddings (256-dim vectors) are stored in the macOS keychain — protected by the Secure Enclave, gated by your login session, never transmitted.

  3. 03

    AI queries route through a stateless gateway.

    When the AI needs to compose an answer, kiromi sends only the relevant transcript snippets through Cloudflare AI Gateway to your chosen LLM provider. We never retain those payloads. The gateway logs token counts and response times, nothing else.

  4. 04

    One-click delete, with a receipt.

    Every recording action and every deletion produces a signed receipt — what was created, what was deleted, when. You can export your full history of these receipts at any time.

  5. 05

    No telemetry, ever.

    kiromi ships zero analytics SDKs and no third-party crash reporters. The only outbound traffic is to your AI provider (when you opt in) and to our update channel.

  6. 06

    Network-off works.

    Disable network entirely and the app keeps running. Detection, recording, transcription, speaker recognition, and search all function offline. AI chat is the only feature that needs a connection.

Verify it yourself.

If you don't trust us — and you shouldn't, on principle — kiromi makes it possible to check.

  • Watch Console.app while recording. The only outbound network calls are to api.kiromi.ai for sync, and to your chosen AI provider when you ask a question.
  • Turn on Airplane mode and start a recording. Detection, transcription, and search keep working.
  • Inspect the keychain at ~/Library/Keychains — voice profiles live there, encrypted by your login password.
  • The detection signals (calendar, audio, browser, app focus) are open-source — read them in MeetingDetection.

Questions?

Email privacy@kiromi.ai — we answer everything, including the awkward ones.