GDPR Compliant 2026

Privacy Policy & App Security

As a native macOS application with deep system rights, we rely on radical transparency. Find out what happens under the hood here.

Hardware Access & AI Data Controls

1. Microphone, Audio Data & Biometrics (Art. 9 GDPR)

LazyLips requires microphone access, granted via the macOS NSSpeechRecognitionUsageDescription. Recording is strictly on demand ("Push-to-Talk" or user activation). The app never eavesdrops in the background. We explicitly do not collect biometric voice profiles (Voice ID) for your identification within the meaning of Art. 9 Para. 1 GDPR. The audio signal is used exclusively for transient speech-to-text conversion.

2. Zero Data Retention (No AI Training)

Your dictations and transcribed texts are never used to train AI models (LLMs). We do not sell data. When you use the app, audio data is passed to certified providers (Groq / OpenAI APIs) in a fraction of a second. This data transfer to the US is legally secured by the EU-US Data Privacy Framework (DPF) as well as an executed Data Processing Agreement (DPA) according to Art. 28 GDPR. In addition, strict "Zero Data Retention" contracts apply: every data element is destroyed directly in memory after processing.

3. Local Storage & Cloud Database (Supabase)

We only store tokens for session authentication and app settings locally on your Mac hard drive. For user management and license verification, we use Supabase (hosted on AWS servers in Frankfurt/EU or similar zones). Supabase stores your email address, your license status, and usage statistics (e.g. dictated words). This storage is absolutely necessary according to Art. 6 Para. 1 lit. b GDPR for the fulfillment of the contract.

4. Telemetry & Crash Reports (Sentry)

We use Sentry to ensure stability. In the event of an app crash, the app transmits purely technical status logs to Sentry (e.g. macOS version, stack trace). This is based on our "legitimate interest in troubleshooting" (Art. 6 Para. 1 lit. f GDPR). You can block this deep in the operating system's network settings if you wish.

5. Responsible Entity

The data processing on this website and for the delivered desktop software is carried out by the operator. Their contact details are:

Jennifer Modl

Rosenheimerstr. 253, 81671 Munich, Germany

E-Mail: info@lazylips.de

6. Hosting & Content Delivery Network (Cloudflare)

Our website, the backend, and API endpoints are provided via Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare automatically processes IP addresses and system data (e.g. browser, access time) to defend against DDoS attacks and to deliver the website securely and quickly. Cookieless web analytics with fully anonymized IP addresses is used to measure reach. Data transfer to the US is secured by the EU-US Data Privacy Framework (DPF).

7. Payment Providers

All purchase processes (subscriptions such as "Monthly Flex" or "Yearly Pro") and the associated license key allocation are not carried out by us, but by our certified payment reseller LemonSqueezy as the so-called "Merchant of Record" (MoR). LemonSqueezy processes and stores your billing data (including credit cards and billing addresses) according to its own highly secure PCI-DSS and GDPR standards.

8. Your Rights (Information & Deletion)

Within the framework of the applicable legal provisions of the EU (GDPR Art. 15-21), you have the right at any time to obtain, free of charge, information about your personal data stored by us, its origin, and recipients. Furthermore, you have a right to correction, blocking, data portability, and to complete deletion of this data ("Right to be forgotten").

Simply send us an informal email (ideally from the email address of your LemonSqueezy account / VIP key) to our address given in the imprint. We process deletion requests immediately.

You also have the right to complain to a data protection supervisory authority if you suspect violations.

Status of the Privacy Policy: 7.5.2026