Back to home
Legal

Privacy Policy

Effective date: April 3, 2026  ·  Last updated: April 24, 2026

1. Overview

Stingwave ("we", "us", "our") is a voice dictation and AI assistant application developed by The CKT Group LLC. This Privacy Policy describes how we collect, use, and protect information when you use Stingwave on iOS, Android, macOS, or Windows.

We are committed to protecting your privacy. We do not sell your personal data to third parties.

2. Information We Collect

Voice audio: When you use voice recording features, audio is captured on your device and transmitted to our Cloudflare Worker proxy, which forwards it to Groq's Whisper API for transcription. Audio is not stored by us after transcription is complete.

Transcription text: The text output of your transcriptions is stored locally on your device and, if you choose to enable sync, written to your personal Google Sheets spreadsheet or Microsoft Excel workbook.

Account information: If you sign in with Google or Microsoft, we receive your email address and account name for the purpose of identifying your spreadsheet or workbook. We do not store your password.

Usage data: We do not collect analytics, crash reports, or behavioral tracking data beyond what is necessary to operate the service.

3. Google User Data

Stingwave requests the following Google OAuth scopes:

  • https://www.googleapis.com/auth/spreadsheets — to create and append rows to your Stingwave log spreadsheet
  • https://www.googleapis.com/auth/drive.file — to upload field note images to a Stingwave folder in your Google Drive

We access your Google Sheets and Google Drive only to write your own transcription and field note data, which you have explicitly initiated. We do not read, modify, or delete any files or spreadsheets other than those created by Stingwave.

Your Google data is never shared with third parties, never used for advertising, and never used to train AI models. Access tokens are stored locally on your device only and are not transmitted to our servers.

You can revoke Stingwave's access to your Google account at any time at myaccount.google.com/permissions.

4. Microsoft User Data

If you choose to link a Microsoft account, Stingwave requests access to create and edit Excel workbooks in your OneDrive (Files.ReadWrite scope) and to upload images. This data is written to your own OneDrive and is never accessed by us for any other purpose.

You can revoke access at any time at account.live.com/consent/Manage.

5. Third-Party Services

Stingwave uses the following third-party services to operate:

  • Groq — processes voice audio for transcription (Whisper API). Audio is sent over HTTPS and is subject to Groq's Privacy Policy.
  • Cerebras — processes AI text generation requests (e.g., CLEAN, PRO, NOTE, ASK modes). Text is sent over HTTPS and is subject to Cerebras's Privacy Policy.
  • Cloudflare — our API proxy routes requests between the app and AI providers. Cloudflare may log metadata per their standard policies.
  • Google APIs — used for Google Sheets and Drive integration when you choose to enable sync.
  • Microsoft Graph — used for Excel and OneDrive integration when you choose to enable sync.

6. Data Retention

Transcription history is stored locally on your device. Cloud sync (Sheets/Excel) stores data in your own account — we do not maintain a separate copy. You can delete your data at any time by clearing the app's local storage or deleting entries from your spreadsheet directly.

7. Data Security and Protection Mechanisms

We apply the following technical and organizational measures to protect sensitive data:

  • Encryption in transit: All data transmitted between the Stingwave app and our servers, AI providers, and Google/Microsoft APIs is encrypted using HTTPS (TLS 1.2 or higher). Voice audio, transcription text, and authentication tokens are never sent over unencrypted connections.
  • Secure token storage: Google and Microsoft OAuth access tokens and refresh tokens are stored exclusively in platform-provided secure storage — iOS Keychain, Android Keystore, or the macOS/Windows system credential store. Tokens are never written to plain text files or transmitted to our servers.
  • No server-side storage of sensitive data: We do not retain voice audio after transcription is complete. OAuth tokens are never stored on our servers. The only server-side data we hold is a mapping of your email address to your Stingwave spreadsheet identifier, stored in Supabase with row-level security enforced.
  • Access controls: Our backend infrastructure (Cloudflare Workers, Supabase) restricts data access to authenticated, authorized requests only. API keys and secrets are stored as environment variables and are never embedded in app binaries or source code.
  • Minimal data collection: We request only the OAuth scopes necessary to perform the features you explicitly use. We do not request read access to files or spreadsheets other than those created by Stingwave.
  • Security incident response: In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery and take prompt remediation steps.

8. Children's Privacy

Stingwave is not directed at children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page. Continued use of Stingwave after changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions or to request deletion of your data, contact us at:
stingwavekeyboard@gmail.com
The CKT Group LLC