talkie
GET APP

· TALKIE / SECURITY

Security Approach.

Talkie is built so unfinished thoughts stay on your devices by default. Your library lives locally, sync can run through your iCloud, transcription can stay on device, and external providers are opt-in with your own keys.

· 01 / DATA FLOW

Where your data goes — and where it doesn't.

Solid traces are your data path. Dashed amber traces are opt-in only — text leaves the device solely when you explicitly route a workflow to an external provider.

SEC-01 / TALKIE.DATA.FLOWREV A.1
VOICE.INmic captureSIGU1 · TRANSCRIPTIONapple silicon / on-deviceSIGTXTU2 · LOCAL STOREsqlite · encrypted diskINSYNCU3 · ICLOUD SYNCyour apple-id · private dbINOUTOPT · EXT.MODELbyo keys · text onlyTXTOUT · YOUdrafts · tasks · searchINNET.01OPT.TEXT.ONLYNET.OUTsolid = your data path · stays on your devicesdashed = opt-in · byo keys · text only leaves device

Security Architecture

Data Sovereignty Model v1.2
Input (iOS)
Processing (macOS)
Services
User Owned Zone

iCloud

Encrypted CloudKit Container

iPhone

Input Context
1. Audio Capture (VAD)
2. Local Encryption
3. Sync Push

Mac

Runtime Details
1. Context Assembly
2. PII Redaction
3. Secure Dispatch
External Services
OpenAIOpenAI
AnthropicAnthropic
GoogleGoogle
NotionNotion
ZapierZapier
LinearLinear

Outbound: Text-Only Stream

Only the final, sanitized text prompt is sent. Audio files never leave your device.

· 02 / DATA INVENTORY

What is stored. What is not.

STORED

On your devices only.

  • Voice memos (locally, on your device)
  • Transcripts (locally, in SQLite)
  • Your library index (encrypted on disk)
  • API keys you provide (macOS Keychain only)
  • iCloud sync data (your Private CloudKit DB)
ON-DEVICE · LOCAL-FIRST
NOT STORED

Never on Talkie servers.

  • Audio files on Talkie servers
  • Transcripts on Talkie servers
  • Your API keys on Talkie servers
  • Any library content on Talkie servers
  • Usage telemetry linked to your content
TALKIE SYSTEMS · NO ACCESS

· 03 / PRINCIPLES

How the trust model is built.

01

On-device first

Your data lives in a local SQLite database file on your device’s encrypted disk. It is not just “cached” locally; it is authoritative locally. Deleting the app deletes the data.

02

You own the keys

We use Apple’s CloudKit for sync. Your data is encrypted with keys managed by your Apple ID. We (Talkie Systems) have no access to these keys and cannot decrypt your data.

03

On-device transcription

Transcription can stay 100% on device using Apple silicon. For later transformations, you can keep using local models or opt into external providers only when you choose to.

04

BYO providers

When you use an external provider, audio can stay on your device and only the text you choose to send leaves the machine. That keeps the trust boundary clear. Your keys are stored in the macOS Keychain and accessed only at runtime to sign requests.

05

Audit trails

Every network request initiated by a workflow is logged in a local, immutable audit trail. You can inspect exactly what text was sent to which API and when.

· 04 / VENDOR ISOLATION

The wall of separation.

Understanding who holds the keys to your data is critical. We use Apple's Private CloudKit container, which keeps your data on a different shelf from ours.

Apple Docs: Private DB PrivacyApple Docs: Data Encryption
No Access

Talkie Systems Inc.

(The Vendor)

We publish the app binary to the App Store.

We push updates and bug fixes.

· Cannot Decrypt Data
One-Way Delivery
App Store Binary
Wall of Separation
User Data
Full Custody

You & Apple ID

(The Data Owner)

Your devices generate the encryption keys.

Data resides in your Private CloudKit Database.

Only your authenticated devices can read it.

· Sole Proprietor

· 05 / ADVANCED DATA PROTECTION

Advanced Data Protection Ready

Nobody can decrypt it. Not even Apple.

Talkie fully supports Apple's optional Advanced Data Protection for iCloud. Because we utilize standard CloudKit Private Databases, enabling ADP in your Apple ID settings automatically extends strict end-to-end encryption to your Talkie data.

Keys stay with you

Encryption keys are stored only on your trusted devices, not on iCloud servers.

Zero Server Access

Neither Apple nor Talkie Systems can decrypt your data, even under warrant.

Learn about ADP

· 06 / COMPARISON

Talkie vs. hosted AI apps.

Feature
Talkie
Hosted AI Apps
Audio Processing
Local (Neural Engine)
Cloud Server
Database Location
Local Disk + iCloud
Vendor’s Cloud SQL
Offline Access
100% Full Functionality
Limited / None
Model Training
Never
Default Opt-in
API Key Ownership
User Owned
Vendor Owned

We don't run a cloud that stores your library.

By design, Talkie is built around local storage, iCloud custody, and provider choice. That keeps your memos, transcripts, and unfinished thoughts on your side of the line.

Talkie for MacmacOS 26+ · iOS 26+
curl -fsSL go.usetalkie.com/install | bash

Audio stays on device. Transcripts land in your local SQLite. iCloud sync runs through your keys, not ours.

· FOR DEVELOPERS

bun add -g @talkie/app
Read the docs