Security
Security is our architecture
We did not add security as a layer. We designed Voxa so that your data never exists anywhere it could be compromised.
“The most secure data is data that never exists on a server.”
This is not a slogan. It is the engineering principle behind every decision we make.
100% Local Processing
Every word you speak is processed on your device using whisper.cpp with GPU acceleration. Your audio is captured, transcribed, and discarded in memory — never written to disk, never transmitted over a network. There is no cloud fallback, no optional server mode, no exceptions.
End-to-End Encryption
When multi-device sync is enabled, your personal dictionary and preferences are encrypted on-device before transmission using keys derived from your credentials. The encryption keys never leave your device. Even our sync servers cannot read your data — they store only encrypted blobs.
Zero Data Collection
Voxa contains no analytics SDKs, no tracking pixels, no telemetry endpoints. We do not collect usage data, device fingerprints, or application context. Our software makes no network calls during normal operation. We built Voxa so that we physically cannot observe how you use it.
No Servers to Breach
Traditional speech-to-text services process audio on cloud servers, creating targets for attackers. Voxa has no speech processing infrastructure to breach. Your voice data exists only in your device’s RAM for the fraction of a second it takes to transcribe, then it is gone.
Sandboxed Architecture
Voxa runs in a sandboxed environment with minimal system permissions. It requests only microphone access and clipboard access (to paste transcriptions). It does not access your file system, contacts, calendar, location, or any other sensitive data. On macOS, it is fully compliant with App Sandbox requirements.
Transparent and Auditable
Our security architecture is documented publicly. We are committed to open, verifiable security practices. Voxa undergoes regular security audits, and we publish the results. Our speech models are based on the open-source Whisper architecture — no proprietary black boxes processing your voice.
How Voxa Compares
| Feature | Voxa | Cloud Services |
|---|---|---|
| Audio processed on device | ✓ | ✗ |
| Zero network calls | ✓ | ✗ |
| No analytics / telemetry | ✓ | ✗ |
| End-to-end encryption | ✓ | Varies |
| Open model architecture | ✓ | ✗ |
| Works without internet | ✓ | ✗ |
| GDPR compliant by design | ✓ | Varies |
Report a Vulnerability
If you discover a security vulnerability in Voxa, please report it responsibly to security@voxa.ai.