Privacy Policy

Last updated: March 11, 2026

This Privacy Policy explains how Namuh, Inc. (“we”, “us”, or “our”) handles your information when you use liltype, a macOS dictation application, and the website at liltype.com (collectively, the “Service”).

1. Our Privacy Philosophy

liltype is built offline-first. Your voice audio is processed locally on your Mac's Apple Neural Engine using Whisper. By default, no audio data ever leaves your device. We designed liltype so that privacy is the default, not an upgrade.

2. Information We Collect

Account information

When you sign in with Google or Apple, we receive your email address and display name from the identity provider. This information is stored in our authentication system (Supabase) to manage your account.

Billing information

If you subscribe to a paid plan, your payment is processed entirely by Stripe on their hosted checkout pages. We store only a Stripe customer ID and subscription status (tier, expiration date) on our server. We never receive, store, or have access to your credit card number, bank account details, or other payment credentials — Stripe handles all payment data directly.

Analytics (opt-in)

The liltype app includes optional, opt-in analytics powered by PostHog. Analytics are disabled by default. If you choose to opt in, we collect anonymous usage events such as application lifecycle events (app open, close), dictation completion events (with latency timing, but never the transcription content), and settings changes. We do not capture screen recordings, keystroke data, or transcription content. You can opt out at any time in the app's settings.

Website analytics

Our website (liltype.com) uses PostHog to collect pageview and page-leave events. This helps us understand how visitors find and use our site. No personally identifiable information is collected through website analytics.

3. Google User Data

This section specifically describes how we handle data received from Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

3.1. Data Accessed

If you sign in with Google, we request access to the following data only:

• Email address — used to identify your account
• Display name — used to personalize your experience within the app

We do not request access to any other Google data such as contacts, calendar, drive files, or any other Google services.

3.2. Data Usage

Your Google email address and display name are used solely for the purpose of:

• Creating and authenticating your liltype account
• Displaying your name within the app interface
• Associating your account with your subscription status, if applicable

We do not use Google user data for advertising, marketing, or any purpose unrelated to providing and improving the liltype Service.

3.3. Data Sharing

We do not sell, rent, or trade Google user data to any third party. Google user data is shared only with the following service provider, solely as necessary to operate the Service:

• Supabase — our authentication provider, which stores your email address and display name to manage your account session and identity.

We do not transfer Google user data to any other third parties except as required by applicable law.

3.4. Data Storage & Protection

Google user data (email address and display name) is stored as follows:

• Server-side: Your account record (email, display name) is stored in our Supabase-hosted database, which uses encryption at rest and TLS encryption for all data in transit.
• On your device: Your authentication session (access token and refresh token) is stored in the macOS Keychain, which provides hardware-backed encryption managed by the operating system. Keychain items are configured with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, meaning they cannot be transferred to other devices and are not synced via iCloud.

Access to your account data on our servers requires a valid, signed authentication token. We do not store Google OAuth tokens beyond what is necessary for session management.

3.5. Data Retention & Deletion

We retain your Google user data (email and display name) for as long as your account is active. You may request deletion of your account and all associated Google user data at any time by contacting us at [email protected]. Upon receiving your request:

• Your account record and all associated personal data will be removed from our servers within 30 days.
• Your local authentication session will be cleared from the macOS Keychain when you sign out of the app.

We may retain anonymized, non-personally-identifiable data (such as aggregate usage statistics) after account deletion.

4. Information We Do Not Collect

We want to be explicit about what we never collect:

• Audio recordings. In offline mode (the default), your voice audio is processed entirely on your device and is never transmitted. If you opt in to managed cloud transcription (Pro tier), audio is sent to our server over an encrypted connection solely for real-time transcription and is not stored after processing. If you use your own API keys (BYO mode), audio is sent directly from your device to the third-party provider and never passes through our servers.
• Transcription content. The text generated from your speech stays on your device in a local database. We have no access to what you dictate.
• API keys. If you use your own API keys for cloud services, those keys are stored in the macOS Keychain on your device. We never see, store, or proxy them.

5. How We Use Your Information

• Account management. Your email and name are used to identify your account and manage your subscription.
• Billing. Subscription and payment data is used to process charges and manage your plan.
• Product improvement. If you opt in to analytics, we use aggregated usage data to improve liltype. We do not sell or share this data with third parties for advertising purposes.

6. Data Storage & Security

We take the security of your data seriously and implement the following measures:

• Encryption in transit. All communication between the liltype app and our servers uses TLS (HTTPS) encryption.
• Encryption at rest (server-side). Account and subscription data stored in Supabase is encrypted at rest using industry-standard encryption.
• Encryption at rest (on-device). Sensitive credentials (authentication tokens and API keys) are stored in the macOS Keychain, which provides hardware-backed encryption. Other local data (transcription history, meeting notes, settings) is stored in your app's private application directory and is protected by macOS file system permissions and, if enabled, FileVault full-disk encryption.
• Access controls. Server-side access to your account data requires a valid, cryptographically signed authentication token. Payment processing is handled entirely by Stripe — we never handle or store payment credentials.

7. Third-Party Services

We use the following third-party services:

• Supabase — authentication and account management
• Stripe — payment processing (hosted checkout; we never handle payment credentials)
• PostHog — opt-in app analytics and website analytics

Each of these services has its own privacy policy governing how they handle data. When you use cloud speech-to-text with your own API keys (BYO mode), your audio is sent directly from your device to the third-party provider (e.g., Deepgram, OpenAI, Groq, AssemblyAI) — it does not pass through our servers. When you use managed cloud transcription (Pro tier), audio is routed through our server solely for real-time transcription processing and is not retained.

8. Data Retention & Deletion

We retain your account and billing information for as long as your account is active. You may request deletion of your account and all associated personal data at any time by emailing [email protected].

Upon receiving a deletion request:

• Your account record, email address, display name, and subscription data will be removed from our servers within 30 days.
• Billing records required by law (e.g., for tax purposes) may be retained as required by applicable regulations.
• Local data on your device (transcription history, meeting notes, settings) is under your control and can be removed by uninstalling the app or deleting its data from ~/Library/Application Support/liltype/.

9. Your Rights

You have the right to:

• Request deletion of your account and all associated personal data by emailing [email protected]
• Opt out of analytics at any time in the app's settings
• Request a copy of the personal data we hold about you
• Revoke Google access at any time through your Google Account permissions page

10. Children's Privacy

liltype is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at [email protected].