Privacy

Your voice, your hardware.

OpenASR transcribes on your own machine. This page lists every network connection the CLI, server, and desktop app make — there is nothing beyond what's below.

The short version

OpenASR does not phone home. There is no telemetry, no analytics SDK, no account, and no cloud transcription path. Audio you transcribe stays on the device it was recorded on, and is never uploaded, unless you explicitly turn on the opt-in Remote Compute feature described below.

What does reach the network, and when

1. Model downloads

Pulling a model — via openasr pull, the onboarding flow, or the Models screen in the desktop app — is something you trigger. It fetches an .oasr pack from Hugging Face, resolved through the Ed25519-signed model catalog at catalog.openasr.org, and verifies its pinned checksum before installing. The CLI's --offline flag and the server's request path never download anything; the only place a model can be pulled without a direct click is the server's operator-authenticated pull API, which still requires you to call it.

2. Desktop auto-update checks

The desktop app checks dl.openasr.org's signed latest.json manifest for your selected release channel (stable or preview) shortly after launch, and again if you click "Check for updates." A check does not install anything by itself — downloading and installing a newer build, and relaunching into it, are separate steps you trigger yourself.

3. An optional Hugging Face token

If you add a Hugging Face access token in Advanced Settings (for gated or rate-limited model downloads), it is sent only to huggingface.co and stored locally at ~/.openasr/desktop-hf-token with file permissions restricted to your user account (0600). It never leaves your machine except in requests to Hugging Face itself.

4. Optional Remote Compute

Remote Compute is an off-by-default feature that lets you pair the desktop app with another device you control running the OpenASR server, so transcription can run there instead of locally — useful if you want to point a laptop at a more capable machine on your network. The connection is TLS, pinned to that specific device on first pairing (trust-on-first-use with a safety code you confirm), and only ever talks to the device you paired with — never a company server. If you never enable it, no audio leaves the machine, full stop.

What OpenASR does not do

  • No telemetry or usage analytics, in the CLI, server, or desktop app.
  • No account or sign-in required to transcribe.
  • No cloud transcription path — native is the only transcription backend, and it always runs locally.
  • No background collection of your audio, transcripts, or files.

Verify it yourself

These aren't just claims: the code that decides what touches the network is part of the Apache-2.0 open core. Read the model-pull path, the server's transcription route, and the catalog verification logic directly — nothing here depends on taking our word for it.

Questions or something look off? Open an issue on GitHub.