NDAs and Voice Tools: Staying Compliant
You signed an NDA, and now you want to dictate your client notes instead of typing them. That is a reasonable thing to want, because most people speak around three to four times faster than they type. The only question is whether your voice tool keeps that confidential material where it belongs: on your machine.
Key takeaways
- The compliance risk in voice tools is transmission: sending NDA audio to a cloud vendor may be unauthorized disclosure.
- On-device speech-to-text keeps audio and text on your Mac, so there is no third party to disclose to.
- Local processing is necessary but not sufficient: also encrypt your disk, lock your device, and delete old transcripts.
- BlaBlaType transcribes 100% on-device with local Whisper and Parakeet models, so voice and text never leave the Mac.
Why NDAs and dictation collide
A non-disclosure agreement is a promise not to reveal confidential information to unauthorized third parties. Most people think about that in terms of not forwarding an email or not talking at a conference. Voice tools introduce a quieter version of the same problem. When you dictate, you are speaking confidential words out loud, and the tool has to turn those words into text somehow. The moment that audio is sent to an outside server for speech recognition, a third party has received the very content your NDA was meant to protect.
That is the core tension. Typing keeps everything on your keyboard and screen. Cloud dictation quietly adds a vendor, a network hop, and a copy of your audio living on someone else's infrastructure. If you have ever wondered whether Mac dictation is actually private, this is exactly the detail that matters. The technology you choose decides whether dictating under an NDA is a non-event or a breach.
Cloud versus on-device: the compliance difference
The distinction that decides everything is where the words are turned into text. A cloud tool streams your microphone to a remote model. An on-device tool runs the model on your own hardware. For NDA work, that is the difference between introducing a subprocessor and introducing nobody. If you want the deeper technical version, we compared on-device versus encrypted cloud in a separate guide, because "encrypted" and "private" are not the same thing.
| Factor | Cloud dictation | On-device dictation |
|---|---|---|
| Audio leaves your Mac | Yes, uploaded | No |
| Third party receives content | Yes, the vendor | No one |
| Works offline | No | Yes |
| Needs a data agreement for NDA work | Usually | Not for transmission |
| Compliance burden | Higher | Lower |
Encrypted transport helps, but it protects data in transit, not the fact that a copy arrived at a vendor. Under many NDAs the disclosure happens the instant the data is shared, regardless of how well the pipe was encrypted. On-device processing sidesteps the argument entirely: there is no recipient to disclose to. This is also why on-device tools tend to fit better with regional rules. If you operate in Europe, our note on GDPR and dictation covers the overlap.
How on-device dictation actually works
BlaBlaType runs its speech recognition entirely on your Mac using local Whisper and Parakeet models, optimized for Apple Silicon. You press a shortcut, speak, and the text appears wherever your cursor is, whether that is an email, a legal draft, a code comment, or a document. Because the model lives on your machine, it also works with no internet connection. The optional AI cleanup that removes filler words and fixes punctuation is powered by Apple Intelligence and also runs on-device, so even the polishing step never uploads your words.
Practically, that means the same NDA note you would type by hand can be dictated with nothing crossing the network. You can dictate into a sealed client folder, a matter management tool, or a private repo. For the day-to-day mechanics, see how to dictate text in any app on your Mac. And if part of your workflow involves talking to an assistant, note that pasting confidential text into a chatbot is its own disclosure decision, separate from dictation, which is worth remembering before you talk to ChatGPT with your voice.
A short glossary for NDA-safe dictation
Compliance conversations get easier when everyone means the same thing by the same words. These are the terms that come up most.
Key terms
- NDA
- A non-disclosure agreement is a contract that restricts sharing defined confidential information with unauthorized third parties.
- On-device processing
- Speech-to-text that runs on your own computer, so the audio and transcript are never sent to an outside server.
- Subprocessor
- A third-party vendor that handles data on your behalf, such as a cloud transcription service, and usually must be approved under your agreement.
- Disclosure
- Any act of making protected information available to someone outside the NDA, which can include an automatic upload to a vendor.
- Data at rest
- Information stored on a device, protected by measures like full-disk encryption rather than by network encryption.
Dictate NDA work without the upload
BlaBlaType transcribes 100% on-device, so confidential audio and text stay on your Mac. Free trial, no card required.
Download for macOSA practical compliance checklist
On-device processing solves the biggest problem, but staying compliant also depends on how you handle the text after it lands. Treat dictation like any other confidential document workflow.
- Confirm the tool transcribes on-device by default, not only in a paid or optional mode.
- Keep the app offline while dictating NDA material if you want a visible guarantee nothing leaves.
- Enable full-disk encryption and a strong login so data at rest is protected.
- Delete transcripts and history you no longer need, especially from shared machines.
- Check whether your NDA names approved tools or subprocessors, and if it does, respect that list.
- Avoid pasting confidential text into cloud assistants unless they are separately covered by an agreement.
None of this is legal advice, and your specific agreement always wins. But if you start from a tool that keeps everything local, the rest of the checklist is ordinary device hygiene rather than a fresh disclosure risk. For teams that also automate work with coding assistants, vendor documentation such as Anthropic's Claude Code docs can clarify where data is handled, which is the same question you should ask of any voice tool.
Frequently asked questions
Can I dictate work that is under an NDA?
Yes, if the voice tool processes speech entirely on your device. When transcription happens locally, the confidential audio and text never leave your Mac, so dictating under an NDA does not involve sharing anything with a third party.
Does using a cloud dictation tool break an NDA?
It can. Most NDAs restrict disclosure to third parties, and a cloud tool sends your audio to a vendor's servers to transcribe it. Unless that vendor is an approved subprocessor under a data agreement, uploading NDA material may count as unauthorized disclosure. On-device tools avoid the question entirely.
Is on-device dictation enough to stay compliant?
On-device processing removes the main risk, which is third-party transmission, but compliance also depends on device security. Use full-disk encryption, a strong login, and delete transcripts you no longer need. BlaBlaType keeps all audio and text on your Mac so nothing is uploaded.