Privacy Policy

Overview

Cipher is built with privacy as a core principle. We believe your data belongs to you — not us, not advertisers, not third parties. This policy explains what data Cipher accesses, how it’s processed, and where it’s stored.

Data We Collect

Cipher processes the following data to provide its core functionality:

• Voice note transcripts — text converted from your speech recordings. No audio recordings are sent to third parties; only the resulting text.
• Chat messages — messages you send when using the “Ask Flow” AI chat feature, along with context from your recent notes.

Cipher does not collect personal information (name, email, phone number), device identifiers, advertising IDs, location data, or usage analytics. We do not use any analytics SDKs, tracking pixels, or third-party data collection tools.

How Data Is Collected and Processed

Cipher offers both on-device and optional cloud AI processing:

• Speech recognition — uses Apple’s on-device Speech framework. Audio is processed locally and never sent to any server.
• On-device AI processing — local models (Gemma, Qwen, Llama) run entirely on your device without an internet connection. Your transcripts are processed on your phone and never leave it.
• Cloud AI processing (optional) — if you choose a cloud AI provider, the transcript text is sent to that provider’s API for structuring (title, summary, to-dos, tags). When using Ask Flow, your chat messages and context from recent notes are sent to the cloud provider.
• Data storage — all notes, to-dos, projects, and tags are stored in secure local storage on your device.

When Data Is Shared with Third Parties

Data is shared with a third-party AI provider only when you explicitly choose to use a cloud AI provider. Cipher supports fully on-device AI processing that keeps all data local with no data leaving your device.

Before any data is sent to a cloud provider, Cipher displays a consent alert that names the specific provider and lists exactly what data will be shared. You must tap “Allow” before any data leaves your device.

You can revoke cloud access and switch back to on-device processing at any time.

Third-Party AI Providers

Cipher supports a Bring Your Own Key (BYOK) feature that lets you connect your own API key to use cloud-based AI providers. The following providers are supported:

• OpenAI — api.openai.com
• Google Gemini — generativelanguage.googleapis.com
• Groq — api.groq.com
• OpenRouter — openrouter.ai
• Mistral — api.mistral.ai
• Together AI — api.together.xyz

When you use a cloud AI provider:

• Transcript text and chat messages are sent directly from your device to the provider you selected. Cipher does not store data on its own servers.
• Synonymy does not receive, intercept, store, or have access to this data at any point.
• Your API key is stored locally on your device and is never transmitted to Synonymy.
• Each provider’s own privacy policy governs how they handle the data they receive.

No Account Required

Cipher does not require you to create an account, sign up, or log in. There is no authentication system, no user database, and no server-side user profiles.

Data Deletion

Since all data is stored locally on your device, you have full control over it at all times. You can delete individual notes, to-dos, or projects within the app. Uninstalling Cipher removes all app data from your device.

Children’s Privacy

Cipher is not intended for children under 13. We do not knowingly collect personal data from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated effective date.

Contact

If you have questions about this Privacy Policy, contact us at hello@synonymy.studio.