Privacy Policy
Hermetiq offers two products with different privacy models: a zero-cloud Mac app and a cloud-encrypted web version. This policy explains how each handles your data.
Last updated: January 28, 2026
Our approach to privacy
Hermetiq Mac
Zero-cloud, local-only processing:
- All data stays on your device
- No network access required
- We never see your data
Hermetiq Web
Cloud-encrypted processing:
- End-to-end AES-256 encryption
- Audio deleted after processing
- Regional data residency (US/EU)
Core privacy principles for both products:
- We do not use your data to train AI models
- We do not sell or share your data with third parties
- We collect the minimum data necessary to provide the service
- Your privacy is protected by architecture, not just policy
Information we collect
When you purchase a license
Payment processing is handled by Stripe. We receive:
- Email address (for license delivery and support)
- Billing country (for tax compliance)
- Transaction ID (for support inquiries)
We do not store or have access to your full payment details.
When you start a trial
To prevent trial abuse, we collect:
- Email address
- Device identifier (hardware-based, anonymized)
License validation
Hermetiq periodically verifies your subscription status. This check sends only your license identifier. No usage data, client information, or session content is ever transmitted.
What we don't collect
Hermetiq does not collect, transmit, or have access to:
- Session recordings or audio files
- Transcripts of therapy sessions
- Generated clinical notes
- Client names or information
- Usage patterns or analytics
- Crash reports or diagnostics
- Feature usage statistics
- Behavioral data
Local data storage
Your clinical data is stored encrypted in our secure database. You have full control over this data:
- Export your data at any time
- Delete individual records or all data
- Set auto-delete timers for transcripts
- Close your account to remove all stored data
Website analytics
Our website (gethermetiq.com) uses minimal, privacy-respecting analytics to understand general traffic patterns. We do not:
- Track individual users across sessions
- Sell or share visitor data
- Use retargeting or advertising pixels
Cookies
Our website uses essential cookies only for basic functionality (e.g., session management during checkout). We do not use tracking cookies, third-party cookies, or advertising cookies.
Third-party services
We use the following third-party services:
Groq (Web only)
AI infrastructure for speech-to-text and note generation. SOC 2 Type II, HIPAA, and GDPR certified. Zero data retention enabled—audio and text are not stored after processing.
Supabase (Web only)
Database and authentication for web users. SOC 2 Type II certified.
Stripe
Payment processing. Subject to Stripe's privacy policy.
Vercel
Website hosting. Subject to Vercel's privacy policy.
Audio files are processed for transcription and immediately discarded — they are never stored on our servers. Generated notes are stored encrypted until you delete them.
Data retention
License and billing records
Retained as required for tax and legal compliance, typically 7 years.
Trial records
Retained to prevent trial abuse. Email addresses are deleted upon request.
Support correspondence
Retained as long as necessary to provide support.
Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Data portability
To exercise these rights, contact us at privacy@gethermetiq.com
Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.
Contact us
If you have any questions about this Privacy Policy, please contact us:
Cyans SEZC Ltd
The Valley, Anguilla, B.W.I.