Local by default: privacy you can actually audit
OpenASR transcribes audio where it is recorded: an offline-default, no-auto-download boundary you can read in the source, all the way through to diarization.
Most speech-to-text products start with a cloud endpoint and bolt a privacy policy onto it. OpenASR starts from the other end: audio is transcribed on the machine that recorded it, and the transcription path never needs a hosted inference service. That is not a posture you have to take on trust — it is a boundary you can read in the source.
Privacy you can audit means the claims have to be small enough to check. Here are the ones that hold up in the current open core, each with the limit stated plainly.
Nothing downloads itself
OpenASR has no model or runtime auto-download surface. Normal flows are offline: there are no automatic model downloads during CLI, API, or default test runs, and no implicit network fetch triggered by registry metadata. Models arrive exactly one way — an explicit, user-initiated openasr pull, which resolves the catalog, downloads the selected pack, validates it, and records it as installed. Native execution then runs from a caller-provided local pack. Nothing reaches the network unless you ask it to.
One loopback surface
The only network-facing surface is the local server, and it speaks a focused OpenAI-compatible transcription subset over loopback HTTP by default: GET /health, GET /v1/models, and POST /v1/audio/transcriptions. Point an existing client at 127.0.0.1 and the audio goes to a process on your own machine, not a vendor’s. It is a deliberately narrow subset, not the full hosted API; the loopback OpenAI-compatible subset gets its own walkthrough.
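One way to check the loopback claim on a running host, as an added example that is not part of OpenASR: it parses `ss -H -ltnp` output and reports any listening socket owned by a process named openasr that is not bound to a loopback address. Matching on the process name openasr is an assumption, and the sample lines (port numbers and pids included) are constructed for illustration.

```python
import ipaddress
import re

# Matches each ("name",pid=N entry in the ss process column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def split_host_port(local):
    """Split the ss 'Local Address:Port' column into (host, port)."""
    host, _, port = local.rpartition(":")
    # Drop IPv6 brackets and any %interface scope (e.g. 127.0.0.53%lo).
    return host.strip("[]").split("%", 1)[0], int(port)

def is_loopback(host):
    if host == "*":  # ss prints * for a wildcard bind on all addresses
        return False
    return ipaddress.ip_address(host).is_loopback

def non_loopback_listeners(ss_output, process="openasr"):
    """Return (pid, host, port) for each listener of `process` not on loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # not a listener, or no process column visible
        owners = PROC_RE.findall(" ".join(fields[5:]))
        host, port = split_host_port(fields[3])
        for name, pid in owners:
            if name == process and not is_loopback(host):
                findings.append((int(pid), host, port))
    return findings

# Constructed samples of `ss -H -ltnp` output; ports and pids are made up.
SAMPLE_DEFAULT = """\
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("openasr",pid=4121,fd=9))
LISTEN 0 128 [::1]:8080 [::]:* users:(("openasr",pid=4121,fd=10))
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
"""
SAMPLE_EXPOSED = """\
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("openasr",pid=4121,fd=9))
LISTEN 0 128 *:8081 *:* users:(("openasr",pid=4121,fd=11))
"""

if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("exposed", SAMPLE_EXPOSED)):
        print(label, non_loopback_listeners(sample))
```

Run `ss` with enough privilege to see the process column; sockets listed without one are skipped by this check.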
Local by default is a boundary you can read in the source, not a privacy promise you have to take on faith.
OpenASR safety boundary, docs/FAQ.md
Auditable because it’s open
None of this requires taking OpenASR’s word for it. The engine is licensed Apache-2.0 and maintained as a public open core, so the boundary above lives in code you can read, fork, and test. Model packs are not part of that license bundle — they are distributed separately under their own permissive upstream licenses (MIT or Apache-2.0), so a free, openly licensed pack runs the engine end to end without dragging in anything you can’t inspect. Their current release — which packs are pullable today, and how the engine itself ships — is its own subject.
The default carries into diarization
The same posture is designed into the anonymous pure-Rust diarization substrate now landing in the engine. Speaker labels are anonymous and session-relative — SPEAKER_00, SPEAKER_01 — and the voice embeddings used to tell speakers apart are discarded at the end of the session. The one identity feature is optional and off by default. In the (unreleased) remote-compute mode the split is designed to be sharper: the server is intended to run the work and return only anonymous labels, and to not receive or store an enrolled voiceprint, because the mapping from an anonymous cluster to a known person is designed to stay on the client.
This is a shipped, opt-in feature, not just engine substrate — --diarize attributes anonymous speaker labels onto any model family’s transcript via WeSpeaker and pyannote capability packs — and the privacy contract is built in from the start rather than retrofitted.
None of these claims is large. Audio stays where it was recorded, nothing downloads itself, the only open port is loopback by default, and the boundary is open source you can audit end to end. That is the whole point: local by default is worth more when it is small enough to verify.