What Metadata Dictation Apps Can Leak (and How to Check)
When you dictate, the words are only half the story. Around every transcript sits a layer of metadata: timestamps, device IDs, app names, language settings and usage counts. Some dictation apps quietly send that data off your Mac, even when they promise not to store your audio. Here is what can leak, and how to check for yourself.
Key takeaways
- Metadata is data about your dictation: when, where, on what device and in which app, not just the words.
- Even apps that do not store audio can still send analytics, crash reports and device details.
- The only sure fix is on-device processing, where audio and text never leave your Mac.
- You can verify privacy yourself with a privacy policy read, a network monitor and an offline test.
What counts as metadata in a dictation app?
Metadata is the information that surrounds your transcript rather than the transcript itself. Your spoken sentence is the content. Everything logged alongside it is metadata, and it is often more revealing than people expect. A dictation service can record when you dictated, how long the clip was, which microphone you used, your device model and operating system, your IP address, your account email, your language and translation settings, and even the name of the app or window you were typing into at the time.
None of that is your actual words, yet stitched together it paints a detailed picture of your day: that you drafted a legal note at 11pm, from a specific Mac, in a specific app, in a specific city. For a deeper look at how private everyday Mac dictation really is, see our guide on whether Mac dictation is private.
What can actually leak, and where it goes
The risk depends on the architecture. Cloud dictation apps send your audio to a server to be transcribed, which means the audio, the resulting transcript and the surrounding metadata all leave your Mac. Some services retain clips for model training or quality review unless you opt out. On-device apps transcribe locally, so the audio never travels, but they can still leak metadata through analytics, crash reporting and license checks if the developer wires those in.
| Data type | Cloud dictation | On-device dictation |
|---|---|---|
| Raw audio | Uploaded to transcribe | Stays on your Mac |
| Transcript text | May be stored | Stays on your Mac |
| Timestamps and durations | Often logged | Local only |
| Device and OS details | Commonly collected | Possible via analytics |
| App or window name | Can be sent | Not needed |
| IP address and location | Seen by the server | Never contacted |
The takeaway is simple. With a cloud tool, you are trusting a privacy policy. With a well built on-device tool, there is no server to trust, because nothing is sent. That is the core reason people move from cloud transcription to local apps, a shift we cover in the state of Mac dictation in 2026. Even the models themselves are now good enough to run locally: the open Whisper research from OpenAI showed robust speech recognition that fits comfortably on a modern Mac.
Why metadata matters, even without your audio
People assume that if an app does not keep the recording, there is nothing to worry about. Metadata proves otherwise. Under data protection rules like the EU's GDPR, information that can identify a person, including device identifiers and IP addresses, is personal data whether or not any audio is attached. A log that says a particular account dictated into a banking app at a particular minute is sensitive on its own.
This matters most for regulated and confidential work: client files, medical or legal drafts, HR notes, anything under an NDA. If you dictate for focus or accessibility reasons, for example the workflows in our piece on voice to text for ADHD, you may be speaking freely and personally, which makes quiet logging feel even more intrusive. The cleanest way to remove the risk is to remove the transmission: keep the whole pipeline on your device.
How to check a dictation app yourself
You do not have to take marketing copy on faith. A few practical checks tell you exactly what an app does with your voice and your metadata. Work through this list before you trust any dictation tool with sensitive text.
Privacy verification checklist
- Read the privacy policy and look for the words "audio", "recordings", "retention" and "third parties".
- Confirm whether transcription is on-device or server-based. Vague answers are a red flag.
- Install a network monitor like Little Snitch or Lulu and watch outbound connections while you dictate.
- Turn Wi-Fi off and dictate. If it still works, transcription is running locally.
- Check for an analytics or telemetry opt-out in settings, and turn it off if you want zero metadata.
- Look at the microphone permission prompts and any login requirement. Accounts create metadata trails.
- Search the developer's data disclosure on their download page for the categories they collect.
The offline test is the most powerful single check. A tool that keeps transcribing with the network switched off simply cannot be uploading your audio, because there is nowhere for it to go. That is the standard BlaBlaType is built to pass. Speech recognition and AI cleanup both run on your Mac, so audio and transcripts never leave the device, and it keeps working with Wi-Fi off. If you want the price and privacy comparison against a popular cloud-adjacent option, read Superwhisper vs BlaBlaType on privacy and price.
Dictate with nothing to leak
On-device speech recognition and AI cleanup, system-wide in any app. Audio and text never leave your Mac. No card needed for the trial.
Download for macOSWhat to do about it
If privacy is a priority, the decision tree is short. Choose a dictation app that transcribes on-device, that does not require an account tied to your dictations, and that lets you verify its behaviour with a simple offline test. Turn off any optional telemetry, and prefer tools that are honest about what they collect. If you already use a cloud tool and cannot switch, at least opt out of training, delete stored clips, and avoid dictating regulated content into it. You can compare the pricing of a fully local approach on our pricing page, but the principle holds regardless of tool: the safest metadata is the metadata that is never generated because nothing ever left your Mac.
Frequently asked questions
Does dictation metadata include the actual words I said?
Sometimes. Cloud dictation services may store transcripts and audio clips tied to your account for model training or quality review. Metadata around that, such as timestamps, device IDs and app names, can also be logged. On-device dictation avoids this because the audio and text never leave your Mac.
How can I check what a Mac dictation app sends?
Read the privacy policy for the word processing, turn on Little Snitch or Lulu to watch outbound connections, and try the app with Wi-Fi off. If dictation still works with no network and no blocked connection alerts, transcription is running locally on your Mac.
Is Apple Dictation fully private?
It depends on the mode. Apple offers on-device dictation for many languages, but some server-based features and Siri-linked settings can send audio to Apple. Check your Dictation and Siri privacy settings, and confirm which languages run locally on your Mac.
What metadata can a dictation app leak even if the audio stays local?
Even without uploading audio, an app can send analytics, crash reports, usage counts, device model, OS version, language settings and the names of apps you dictate into. Read the privacy policy and use a network monitor to see exactly what leaves your Mac.
Is BlaBlaType free of these metadata risks?
BlaBlaType runs speech recognition and AI cleanup entirely on-device, so audio and transcripts never leave your Mac. You can verify this by dictating with Wi-Fi off, which continues to work because nothing is sent to a server.