Privacy Policy

Last updated: March 23, 2026

Overview

Yyap is designed with privacy as a core principle. Your voice is your most personal data, and we treat it that way. We adhere to HIPAA best practices and are HIPAA-ready — we implement the technical safeguards required by HIPAA to protect sensitive health information, including encryption at rest and in transit, strict access controls, and zero audio retention.

What we collect

  • Account information — email address and name when you sign up. Used for authentication and billing.
  • Session metadata — app name, word count, duration, utterance type (dictation or command), and timestamp for each dictation session. Used for usage tracking and your dashboard history.
  • Transcript text — the raw transcript from speech recognition, the cleaned/formatted version produced by our language model, and the final text injected into your application. Stored for your usage history, debugging, and audit trail.
  • Usage metrics — word count per week for quota tracking.
  • Payment information — processed by Polar. We never see or store your full card number.
  • Crash reports — anonymous, opt-in crash reports to help us fix bugs.

Zero audio retention

Audio is streamed directly to Deepgram for transcription and immediately discarded. We never store voice recordings on our servers. The entire audio pipeline is stateless — once your text is delivered, there is no trace of the audio on our infrastructure.

Data retention

Session metadata and transcript text are stored for the duration of your account. You can delete your data at any time via the dashboard or by contacting support. We process deletion requests within 24 hours.

Encryption & security

All data is encrypted at rest (NeonDB) and in transit (TLS). We follow industry best practices for access control, key management, and infrastructure security.

Third-party processors

We use the following third-party services to operate Yyap:

  • Deepgram — speech-to-text transcription
  • Anthropic — language model for text cleanup and commands
  • Clerk — authentication and user management
  • Polar — billing and subscription management
  • NeonDB — database hosting

We do not sell or share your data with third parties for advertising. We do not train AI models on your dictation data.

Enterprise

Enterprise customers can configure custom data retention policies, on-premise processing, and audit logging. Contact hamza@yyap.dev for details.

Data deletion

You can delete your session history and transcript data via the dashboard. To delete your entire account and all associated data, use your account settings or contact us. We process deletion requests within 24 hours. For GDPR or CCPA requests, contact hamza@yyap.dev.

Contact

Questions about privacy? Email us at hamza@yyap.dev.