Rapture Privacy Policy
Last updated: July 13, 2026 (v2.1.0 - Android is now fully on-device too; no Rapture servers remain)
At Bensolutions LLC, doing business as Noise Meld, we take your privacy seriously. This Privacy Policy explains how Rapture collects, uses, and protects your personal information.
One Architecture: On-Device
As of iOS 1.0.200 and Android 1.0.718, Rapture processes your voice entirely on your device. Transcription and AI formatting run locally, the apps work in airplane mode, and neither app makes requests to any server we operate. The remaining platform differences are small:
| iOS (version 1.0.200 and later) | Android (version 1.0.718 and later) | |
|---|---|---|
| Transcription | On your iPhone (Parakeet model on the Apple Neural Engine). Audio never leaves the device for transcription. | On your phone (Parakeet model via the sherpa-onnx runtime). Audio never leaves the device for transcription. |
| AI formatting | On your iPhone (on-device language model) | On your phone (on-device language model) |
| AI model delivery | Downloaded once from Hugging Face on first launch | Included in the Google Play install — no download |
| Account | None. No sign-in exists. Google Sign-In appears only as an optional connection for the Google destinations. | Same — no account, and Google Sign-In is an optional connection for the Google destinations. |
| Payment model | One-time purchase processed by Apple | One-time purchase processed by Google Play |
| Our servers involved? | No — the app makes no requests to any server we operate | No — the app makes no requests to any server we operate |
Earlier Android versions (before 1.0.718) used a cloud pipeline: Deepgram transcription and Google Gemini formatting via an API gateway we operated, with a server-tracked trial and subscription. That pipeline is retired and the gateway is being decommissioned; update the app to keep transcription working. The account, trial, and usage records the old system stored are being deleted as part of decommissioning — email support@noisemeld.com to request immediate deletion.
Data Collection
Rapture records audio via the device microphone only when you explicitly start a recording (by voice command or button). Recordings, transcriptions, and notes are stored on your device. They leave your device only when you choose a destination for them: your Google Drive, Google Docs, Google Tasks, iCloud Drive (iOS), Slack, Discord, Notion, Telegram (Android), an Obsidian folder in your Drive (Android), or Rapture for Mac (iOS — relayed to your own Mac through your iCloud). They are never stored on servers we operate — we do not operate any.
On-Device Processing (Both Platforms)
Transcription and AI formatting run entirely on your phone. The app works in airplane mode. Specifically:
- Speech-to-text runs on-device using the Parakeet model (on the Apple Neural Engine on iOS; via the sherpa-onnx runtime on Android). Your audio is never uploaded for transcription.
- Formatting (filler-word removal, titles, checkboxes) runs on an on-device language model. Your text is never uploaded for formatting.
- Model delivery: on iOS, the app downloads its speech and language models once from Hugging Face's content delivery network on first launch — an ordinary file download; no personal data or content accompanies it. On Android, the models ship inside the Google Play install, so no download happens at all.
- Network connections are made only to: services you explicitly connect (Google APIs, iCloud on iOS, api.notion.com, api.telegram.org on Android, Slack/Discord webhook URLs you create), Hugging Face (iOS model download), Apple or Google Play billing, and PostHog (anonymous analytics, described below).
- Delivery is opt-in and gated: every destination starts disabled, and automatic delivery additionally requires a deliberate one-time purchase. A fresh install sends nothing anywhere.
Data Protection Mechanisms for Sensitive Data
Rapture processes two categories of sensitive data: audio recordings and transcription text.
Audio Recordings Protection
| Protection Layer | Mechanism | Details |
|---|---|---|
| Processing | On-device (both platforms) | Transcription happens on the phone — audio is never sent anywhere for processing |
| In Transit | TLS 1.3 encryption | Any upload you enable (Google Drive, iCloud, webhooks) uses HTTPS with TLS 1.3 |
| At Rest (Device) | Device filesystem encryption | Protected by device-level encryption (iOS Data Protection / AES-256 on Android) |
| At Rest (Cloud) | Provider encryption | Google Drive / iCloud encryption (AES-256) managed by Google/Apple infrastructure |
| Storage | User-controlled | Audio stored only on your device and in destinations you enable — never on servers we operate |
Transcription Text Protection
| Protection Layer | Mechanism | Details |
|---|---|---|
| Processing | On-device (both platforms) | Formatting happens on the phone — text is never sent anywhere for processing |
| In Transit | TLS 1.3 encryption | Deliveries you enable (Google Docs, Notion, Slack, Discord, Telegram, Tasks) use HTTPS with TLS 1.3 |
| At Rest (Device) | Device filesystem encryption | Local notes protected by device encryption (iOS Data Protection / Android AES-256) |
| At Rest (Cloud) | Provider encryption | Destination services (Google, Apple, Slack, Discord, Notion, Telegram) encrypt stored content per their infrastructure |
| Storage | User-controlled | Transcriptions stored only on your device and in destinations you enable — never on servers we operate |
Key Protection Principles
- No server-side content storage: Audio recordings and transcription text are NEVER stored on servers we operate — we operate no app servers at all
- On-device on both platforms: Transcription and formatting never leave the phone
- No third-party AI processing: No audio or text is sent to any AI service on either platform
- User ownership: Delivered content lives in your own accounts (your Drive, your iCloud, your Slack workspace) under your control
- Encryption everywhere: TLS 1.3 in transit; AES-256-class encryption at rest on device and in destination clouds
Third-Party Security Certifications
- Google Cloud (Drive/Docs/Tasks destinations): ISO 27001, SOC 2/3, GDPR compliant
Google Drive Access
If you connect Google, we request Drive access to save your recordings and formatted notes to your personal Drive storage. You control this data and can delete it at any time from your Google Drive. On both platforms this connection is entirely optional and exists only to enable the Google destinations (Drive, Docs, Tasks).
iCloud Drive Access (iOS)
On iOS, you may enable iCloud Drive as a destination. Files are saved to a dedicated Rapture folder in your personal iCloud Drive. Apple manages iCloud encryption and sync across your Apple devices. We do not access your iCloud data beyond the Rapture folder.
Authentication
- Both platforms: Rapture has no account and no login. Google Sign-In is offered only as an optional, connect-only integration that enables the Google Drive, Docs, and Tasks destinations. Disconnecting it removes our access.
- iOS legacy note: Earlier iOS versions offered Sign in with Apple; it has been removed, and any locally stored Apple credentials are deleted by the app.
- Android legacy note: Earlier Android versions used Google Sign-In for trial and subscription tracking; that system is retired (see the note at the top of this policy).
Microphone Access
We request microphone permission to record your voice notes. Recording only occurs when you explicitly activate it via voice command ("Hey Siri, Rapture this" on iOS or "Hey Google, open Rapture" on Android) or the record button.
Google API Services User Data Policy Compliance
Limited Use Disclosure
Rapture's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data Source Clarification
Critical distinction: Audio is captured directly from your device's microphone using native platform APIs. This is user-generated content created on your device — it is NOT data obtained from any Google API. On both platforms it is transcribed on the device itself.
Google services (Drive, Docs, Tasks) are used exclusively as DESTINATIONS for storing your recordings, notes, and tasks. Data flows INTO Google services — it is never read from Google and sent elsewhere.
Explicit Compliance Statement
- No Google User Data to AI services: Data obtained from Google APIs (Drive files, Docs content, Tasks, user profile) is NEVER sent to any AI service or other third party.
- No AI training: We do not use Google User Data to develop, improve, or train generalized AI or machine learning models. The on-device models the apps use are pre-trained and never train on your data.
- Google as destination only: Google services receive data from your device — they are never used as a data source for third-party processing.
- User control: All content stored in Google services remains under your control and can be deleted at any time.
AI Processing
Transcription (Parakeet) and formatting (an on-device language model) run locally on your phone — on both platforms. No audio or text is sent to any AI service, and nothing about this processing is visible to us or anyone else.
No AI Training
We do not use your data to train artificial intelligence or machine learning models — on either platform. Your audio, transcriptions, and notes are processed solely to provide the features you request. The on-device models are pre-trained and never train on or learn from your data.
Analytics
We use PostHog for privacy-respecting product analytics. PostHog collects:
- App usage events (e.g., recording created, feature used) — never transcription text or audio content
- Crash and error data for reliability monitoring
- Purchase events (e.g., paywall viewed, purchase completed)
- An app-generated identifier for grouping events. There is no account on either platform, and the app never links analytics to your identity.
We do not collect personally identifiable information (names, email addresses) or note content in analytics events. PostHog data is used solely for improving the app and is not shared with advertisers or data brokers.
Tracking & Advertising
Rapture does not track you. Specifically:
- We do not use Apple's IDFA (Identifier for Advertisers) or request App Tracking Transparency permission
- We do not use Google's Advertising ID
- We do not display advertisements of any kind
- We do not share data with advertising networks or data brokers
- We do not link your data with third-party data for advertising or measurement purposes
Data Sharing
We do not share, sell, or transmit your data to any third parties beyond the services you authorize:
- Google Drive / Google Docs: Your recordings and notes (your personal storage), if you enable the destination. The Obsidian destination on Android writes Markdown files into a folder in your Drive.
- iCloud Drive (iOS): Your recordings and notes (your personal storage), if you enable the destination
- Rapture for Mac (iOS): Notes relayed to your own Mac through your iCloud account, if you enable it — no third party involved
- Google Tasks: Task titles extracted from your notes (stored in YOUR Google Tasks), if you enable the destination
- Slack / Discord: Notes posted to webhook URLs that you create in your own workspace/server, if you enable them
- Notion: Notes created in a database you share with your own Notion integration, if you enable it
- Telegram (Android): Notes sent to your own chat via a bot token you create, if you enable it
- PostHog: Anonymous usage analytics (no PII or content data)
Purchases
Rapture offers a single one-time purchase that unlocks automatic delivery to your destinations. It is processed entirely by Apple (App Store) or Google (Google Play) and verified on your device. We operate no server for it and receive no name, email, payment details, or purchase history. There are no subscriptions and no trials.
Data Retention
- Local recordings and notes: Stored on your device until you delete them (or delete the app)
- Delivered content: Stored in your own accounts (Drive, iCloud, Slack, etc.) until you delete it there
- Analytics events: Held by PostHog under our project; email support@noisemeld.com to request deletion
- Retired Android trial system: Records are being deleted as part of decommissioning the old gateway (see the note at the top of this policy)
Your Rights (GDPR & International Users)
You have the right to:
- Access: Request a copy of all data we hold about you (for current app versions, this is at most anonymous analytics)
- Deletion: Request deletion of data we hold; deleting the app removes all local data, including the on-device AI models
- Portability: Your recordings and notes are already in your own storage (device, Drive, iCloud) in standard formats
- Rectification: Correct inaccurate data by contacting us
- Opt-out: Disable any destination at any time, or uninstall the app
To exercise these rights: Email support@noisemeld.com with your request. We will respond within 30 days as required by GDPR and CCPA.
International Data Transfers
Because processing happens on your device and we operate no app servers, we do not transfer your content anywhere. Content you deliver goes directly from your device to the services you chose, under their regional policies. Anonymous analytics events are processed by PostHog in the United States. We comply with applicable data protection laws including GDPR (EU) and CCPA (California).
Children's Privacy
Rapture is not directed to children under 13 years old. We do not knowingly collect personal information from children. If you believe a child has provided data to Rapture, please contact us immediately.
Contact
For questions about this privacy policy or to exercise your data rights, contact us at: support@noisemeld.com
Response time: Within 30 days for all data requests (GDPR/CCPA compliant)
Legal Entity: Bensolutions LLC
DBA: Noise Meld
Location: Pennsylvania, United States