Data Encryption

TalkWriter uses industry-standard encryption to protect your data at every stage. This article explains what encryption means and how it keeps your information safe.

What Is Encryption?

Encryption scrambles your data so that only authorized systems can read it. Think of it like putting a letter in a locked box — only someone with the right key can open it.

TalkWriter uses two types of encryption:

In-Transit vs. At-Rest Encryption

|  | In Transit | At Rest |
| --- | --- | --- |
| What it protects | Data moving between your Mac and our servers | Data stored on our servers |
| Standard used | TLS 1.3 | AES-256 |
| When it applies | During dictation, sync, and login | Account data, preferences, and dictionary |
| Analogy | An armored truck carrying your package | A locked vault storing your package |

TLS 1.3 (In Transit)

TLS stands for Transport Layer Security. Version 1.3 is the latest and most secure.

When you dictate with TalkWriter:

  1. Your Mac creates a secure, encrypted connection to our servers
  2. Audio data travels through this encrypted tunnel
  3. Nobody between your Mac and our servers (not even your Wi-Fi provider) can read the data
  4. The connection is verified using digital certificates to prevent impersonation

Key facts:

  • ✅ All connections use TLS 1.3 — older versions are not supported
  • ✅ Perfect forward secrecy ensures past sessions stay safe even if a key is later compromised
  • ✅ Certificate pinning prevents man-in-the-middle attacks
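The two client-side checks listed above (TLS 1.3 only, plus a certificate pin) can be sketched in Python as follows. This is an added example, not TalkWriter's code: the function names are hypothetical, the host and pin are supplied by the caller, and pinning the SHA-256 of the whole leaf certificate is an assumption, since the article does not say what TalkWriter pins.

```python
import hashlib
import hmac
import socket
import ssl


def tls13_only_context() -> ssl.SSLContext:
    """Client context that verifies the certificate chain and hostname
    and refuses to negotiate anything older than TLS 1.3."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of the presented certificate to the pin."""
    return hmac.compare_digest(cert_fingerprint(der_cert), pinned_hex.lower())


def connect_pinned(host: str, pinned_hex: str, port: int = 443) -> str:
    """Open a TLS 1.3 connection, enforce the pin, return the protocol name.
    Raises ssl.SSLError if the server cannot negotiate TLS 1.3, the chain or
    hostname fails validation, or the certificate differs from the pin."""
    ctx = tls13_only_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pinned_hex):
                raise ssl.SSLError("certificate does not match pinned fingerprint")
            return tls.version()


# Constructed sample bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PIN = cert_fingerprint(SAMPLE_DER)
```

The pin check runs in addition to normal chain and hostname validation, so a certificate that chains to a trusted CA but is not the pinned one is still rejected.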

AES-256 (At Rest)

AES-256 is the same encryption standard used by banks and governments. The "256" refers to the key size — 256 bits — which makes it virtually impossible to crack.

What we encrypt at rest:

  • ✅ Account information (email, name)
  • ✅ Custom dictionary entries
  • ✅ User preferences and settings
  • ✅ Billing information (tokenized, never stored as raw card numbers)

What we do NOT store (and therefore do not need to encrypt):

  • ❌ Audio recordings — deleted immediately after processing
  • ❌ Dictated text — not retained on our servers (see Zero Data Retention)

Encryption Key Management

  • Keys are rotated regularly on an automated schedule
  • Keys are stored in a hardware security module (HSM), separate from the data they protect
  • Access to encryption keys requires multi-factor authentication and is restricted to a small security team

FAQ

Is my data encrypted on my Mac?
TalkWriter relies on macOS FileVault for local disk encryption. We recommend enabling FileVault in System Settings → Privacy & Security.

Can TalkWriter employees read my data?
No. Encryption keys are managed by automated systems. Employee access to production data requires approval and is fully audited.

What happens if encryption is somehow broken?
Since audio is deleted immediately and text is not retained, there is minimal data at risk. We also monitor for advances in cryptography and update our standards proactively.