← Back to home Legal

Privacy Policy

Effective date: May 29, 2026

This Privacy Policy explains what user data the Murmur Chrome extension and the Murmur desktop application for Windows collect, how that data is handled, where it is stored, and with whom it is shared. Murmur is local-first: every category of data described below is handled on your own device and routed only to the third-party transcription provider you select, using your API key. Murmur operates no server of its own.

1. Summary

• Murmur runs entirely on your computer or in your browser.
• We, the makers of Murmur, do not operate any server that receives your audio, transcripts, or settings.
• Your API key is yours; it is stored on your device and used only to talk to the transcription provider you chose.
• When you dictate, your audio is streamed directly from your device to the provider you selected (Groq, Google Gemini, OpenAI, Anthropic, or OpenRouter). Their privacy policies apply to that leg.
• A local store on your device keeps your recent transcripts until you clear them.

2. Data we collect

The Murmur Chrome extension collects and accesses the following categories of user data. All collection happens on your own device; nothing is transmitted to a server operated by us.

• Authentication information — API keys. The API key you paste into the extension's options page for your chosen transcription provider (Groq, Google Gemini, OpenAI, Anthropic, or OpenRouter). This is collected from your direct input in the options page and persisted to chrome.storage.local.
• Personal communications — audio. When you press the dictation hotkey, the extension captures audio from your microphone via an offscreen document using getUserMedia and MediaRecorder. Audio is held only in memory for the duration of one dictation utterance.
• Personal communications — transcripts. The text returned by the transcription provider after processing your audio. Each transcript is written into the focused text field on the active tab (or placed on your system clipboard if in-place insertion is blocked by the page), and appended to a local recents history stored in chrome.storage.local.
• User preferences. Hotkey configuration, dictation mode (push-to-talk vs. toggle), format mode (smart-format vs. verbatim), custom dictionary entries, the accuracy-review tier, and the retention period for the recents history. Persisted to chrome.storage.local.
• Active-tab context (transient). When you trigger dictation, the extension reads the identity and focused element of the currently active tab in order to deliver the transcript to the right place. This data is not persisted.
• Service-worker diagnostic logs. The extension's background service worker emits diagnostic logs (button clicks, errors, retry counts) visible only in Chrome's service-worker inspector. These logs do not contain audio or transcript contents and are not transmitted anywhere.

Murmur does not collect: personally identifiable information beyond the categories above, financial or payment data, health data, location, web browsing history, generalized user-activity tracking, website content beyond the focused element on the active tab, telemetry, crash reports, analytics events, IP addresses, device identifiers, advertising identifiers, or any form of fingerprinting.

The Murmur desktop application for Windows collects the equivalent categories on your computer rather than your browser. See Section 4 for the desktop-specific storage locations.

3. How we handle and use your data

Each category of collected data is handled only in the ways listed below. Murmur does not use any data for any purpose outside its single purpose of voice dictation.

• API keys are read from local storage and attached as the Authorization header on outbound HTTPS requests to whichever transcription provider you configured. They are not logged and not transmitted to any other destination.
• Audio is captured by the offscreen document, streamed over HTTPS to your chosen provider's transcription endpoint, and discarded from memory as soon as the request completes. Audio is never written to disk.
• Transcripts are inserted at the cursor on the active tab using the appropriate DOM API for the focused element (input, textarea, contenteditable). On pages that block direct insertion (Google Docs's canvas editor is the common case), the transcript is placed on your system clipboard via the clipboardWrite permission and a desktop notification confirms the copy so you can press Ctrl+V to paste it. Each transcript is also appended to your local recents history.
• Accuracy-review processing (optional). If you opt in, the transcript text only (never the original audio) is sent to a chat model — Groq, Gemini, OpenAI, Anthropic, or OpenRouter, whichever you selected — to correct homophones, restore dropped negations, and fix garbled names. The reviewed text replaces the original transcript before it is inserted at the cursor.
• User preferences are read at startup and on change to configure the extension's behavior.
• Active-tab context is used solely to route the transcript to the correct focused element on the tab that had focus when you triggered dictation.
• Notifications. The extension uses Chrome's notifications permission to surface error messages (microphone access denied, transcription failed, API quota exceeded) and a brief "transcript copied to clipboard" confirmation. Notifications are generated locally and contain no analytics payload.
• Alarms. The extension uses Chrome's alarms permission to schedule a once-per-day cleanup that prunes recents-history entries older than your configured retention period. The alarm carries no payload and is not reported anywhere.

4. How and where your data is stored

Murmur stores user data only on your own device. We operate no cloud storage, no backend, and no synchronization service.

Chrome extension storage (in your browser profile):

• API keys — stored in chrome.storage.local, encrypted at rest by Chrome's profile encryption, scoped to your Chrome profile, never synced across browsers.
• User preferences — stored alongside the API key in chrome.storage.local.
• Recents history — stored in chrome.storage.local. Pruned automatically once a day to your configured retention period (default: 30 days). Cleared immediately and permanently when you press "Clear history" in the side panel; there is no soft-delete and no recoverable trash.
• Side-panel state — minor UI state (current tab, expanded entry) stored in chrome.storage.local.
• Service-worker diagnostic logs — visible only in Chrome's developer service-worker inspector while the worker is alive. Not persisted to disk by Murmur.
• Audio — not stored. Held in memory in the offscreen document for the duration of one dictation utterance, then discarded.

Desktop application storage (on your Windows computer):

• API keys — stored using the Windows Data Protection API (DPAPI) in the application's user data folder, scoped to your Windows user account.
• User preferences — stored as JSON in your Windows user profile.
• Recents history — stored as history.json in the application data folder. Cleared instantly when you press "Clear" in the app.
• Application logs — stored in the application data folder. They do not contain audio.

None of the files listed above are transmitted anywhere by Murmur. Retention is controlled entirely by you: clear the recents history at any time, or uninstall the extension or application to remove every locally stored Murmur file.

5. How and with whom your data is shared

The only parties that receive any data from Murmur are the third-party transcription providers you explicitly configure. Murmur acts as a client to those providers, using the API key you supplied. The contractual relationship for that data is between you and the provider — not between you and Murmur.

• Groq, Inc. — when you select Groq, your audio is streamed over HTTPS to api.groq.com using your API key, for transcription via whisper-large-v3. Their handling of that data is governed by Groq's published privacy policy and terms of service.
• Google LLC (Gemini API). — when you select Gemini, your audio is streamed over HTTPS to generativelanguage.googleapis.com using your API key, for transcription via a Gemini model. Google's API privacy terms apply.
• OpenAI, Anthropic, OpenRouter. — these providers are reached only if you enable the optional accuracy-review feature, and only the transcribed text (never the original audio) is sent to api.openai.com, api.anthropic.com, or openrouter.ai, using your API key. The chosen provider's privacy policy and terms apply.

We do not sell user data. We do not transfer user data to any third party other than the transcription provider you select, in the manner described above. We do not use user data for advertising, profiling, fingerprinting, retargeting, creditworthiness determination, or lending. We do not use user data for any purpose unrelated to Murmur's single purpose of voice dictation.

6. Cookies and tracking

Neither the Murmur desktop application nor the Chrome extension uses cookies, advertising identifiers, fingerprinting, or any form of tracking. The marketing website (this page) is served as static files and does not set tracking cookies.

7. Children's privacy

Murmur is not directed at children under 13, and we do not knowingly process information about children. Because we operate no servers and collect no information centrally, we have no records to delete; a parent or guardian who needs help removing data from a child's local installation can clear the local recents history from the side panel and then uninstall the extension or application.

8. Security

Browser-stored API keys benefit from Chrome's profile encryption. Desktop-stored keys are encrypted with Windows DPAPI, scoped to your Windows account. All outbound requests to transcription providers use HTTPS. Neither encryption-at-rest mechanism survives compromise of your user account at the operating-system level — keep your machine secure and rotate API keys at the provider if you suspect exposure.

9. Your rights and choices

Because Murmur stores nothing on our side, requests to access, export, correct, or delete personal data are handled by you directly:

• Access / export: open the side panel; every stored transcript is visible and individually copyable.
• Deletion: press "Clear history" in the side panel to delete all transcripts immediately, or uninstall the extension to remove every locally stored Murmur file (API key, preferences, history).
• Opt-out of collection: do not press the dictation hotkey. No audio is captured and no transcript is produced unless you initiate it.
• Provider-side data: for any data held by the transcription provider you chose (Groq, Google, OpenAI, Anthropic, OpenRouter), contact the provider directly using the channels they publish. Murmur cannot access or delete data on those providers' behalf.

10. Changes to this policy

If we materially change this policy, we will update the effective date at the top and post the change on this page. Because Murmur cannot reach you, please check back here from time to time if this matters to you.

11. Contact

Because Murmur operates no servers and stores no data centrally, there is no account to access and no server-side data for us to retrieve, export, or delete on your behalf. You control every piece of Murmur data yourself, locally, as described in Section 9: clear your recents history at any time from the side panel, or uninstall the extension or application to remove every locally stored Murmur file (API key, preferences, and history).

← Back to home