Privacy Policy

Last updated: February 2026

KiKu is designed with privacy as a core principle. Your audio, transcriptions, and notes never pass through our servers. We have no accounts, no cloud storage, and no analytics tracking.

What we collect

Nothing. KiKu does not collect, transmit, or store any user data on external servers. We do not have user accounts, databases, or analytics infrastructure. The App runs entirely on your Mac.

What stays on your device

All of the following data is created and stored locally on your Mac:

  • Audio recordings — Temporary audio files created during meeting recording, stored in your chosen directory
  • Transcriptions and summaries — Generated text saved as Markdown files in your local storage folder
  • App preferences — Settings like your chosen AI model, writing style, and feature toggles stored in macOS UserDefaults
  • Your OpenAI API key — Stored securely in macOS UserDefaults on your device
  • Meeting statistics — Word counts and meeting tallies stored locally for your personal overview

Third-party services

KiKu connects to exactly one external service:

OpenAI API

When you record a meeting or use voice features, audio is sent directly from your Mac to OpenAI's API using your personal API key. This includes:

  • Audio data sent to OpenAI Whisper for transcription
  • Transcription text sent to GPT for summarization
  • Text-to-speech requests when using voice readback
  • Voice command processing for dictation and AI commands

This communication happens directly between your Mac and OpenAI. KiKu has no intermediary server. OpenAI's handling of your data is governed by OpenAI's Privacy Policy and your API agreement with them.

By default, data sent through the OpenAI API is not used to train their models. Refer to OpenAI's API Data Usage Policy for current details.

Data sharing & your consent

By providing your own OpenAI API key in KiKu's Settings and using AI-powered features, you consent to the following data being sent directly from your Mac to OpenAI for processing:

  • Audio recordings — Sent to OpenAI Whisper for speech-to-text transcription when you record a meeting or use voice dictation
  • Meeting transcripts, titles, attendees, and agenda — Sent to OpenAI GPT for AI-powered note generation, including summaries, action items, and key decisions
  • Selected text — Sent to OpenAI when you use voice commands to summarize, translate, rewrite, or explain text in any application
  • Dictated audio — Sent to OpenAI Whisper for voice-to-text input when using the dictation feature

No data is transmitted until you (1) configure your own OpenAI API key and (2) actively initiate a feature such as starting a recording, using a voice command, or dictating text. Each transmission requires a deliberate user action.

KiKu does not share your data with any third party other than OpenAI as described above. KiKu has no intermediary servers — all communication occurs directly between your Mac and OpenAI's API.

Data retention

KiKu does not store any of your data on external servers. All files — audio recordings, transcripts, and meeting notes — are stored locally on your Mac and remain under your control.

Data sent to OpenAI for processing (transcription, summarization, text-to-speech) is handled according to OpenAI's API Data Usage Policy. By default, data submitted through the OpenAI API is not used to train their models and is retained for a limited period for abuse monitoring purposes only.

You can delete your local files at any time. Revoking your API key in KiKu's Settings immediately stops all data transmission to OpenAI.

Data protection

KiKu implements the following measures to protect your data:

  • Local storage security — All meeting notes, transcriptions, and audio recordings are stored locally on your Mac in your chosen directory. KiKu does not operate any external servers, databases, or cloud storage. Your data never leaves your device except when you actively use an AI-powered feature (as described in "Third-party services" above).
  • Credential security — Your API keys and authentication tokens (including Google and Microsoft OAuth tokens) are stored in the macOS Keychain, Apple's encrypted credential storage system. They are not stored in plain text, in user-accessible files, or transmitted to any server operated by KiKu.
  • Encryption in transit — All network communication — including OAuth authentication flows and API requests to OpenAI, Google, and Microsoft — is conducted exclusively over HTTPS (TLS-encrypted connections). KiKu does not make any unencrypted network requests.
  • OAuth 2.0 with PKCE — KiKu uses the OAuth 2.0 authorization framework with Proof Key for Code Exchange (PKCE) for Google and Microsoft authentication. PKCE provides additional protection against authorization code interception attacks, even in a native desktop application context.
  • Minimal data access — KiKu requests only the permissions necessary for its features. Calendar data is read solely to pre-fill meeting details and is not stored beyond the active session. Audio data is sent to OpenAI only when you actively initiate a recording or voice feature.

Calendar access

KiKu supports two calendar providers:

Google Calendar

If you connect your Google account, KiKu accesses your calendar data through the Google Calendar API using OAuth 2.0 authentication. KiKu requests the following Google API scope:

  • https://www.googleapis.com/auth/calendar.readonly — Read-only access to your calendars and events

KiKu uses this data solely to pre-fill meeting information (title, attendees, time, agenda, and meeting links) when you start a recording. This calendar data is:

  • Read on-demand and used only during the active session
  • Not stored persistently beyond the current app session
  • Not shared with any third party other than OpenAI when you actively initiate AI-powered note generation for that meeting
  • Not used for advertising, profiling, or any purpose unrelated to your meeting notes

Your Google OAuth tokens are stored securely in the macOS Keychain. You can disconnect your Google account at any time in KiKu's Settings, which immediately revokes local access and deletes stored tokens. You can also revoke KiKu's access from your Google Account permissions page.

KiKu's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Apple Calendar

If you use Apple Calendar, KiKu reads events through the native macOS EventKit framework. This is a local operation that does not involve any network requests. Calendar data is read locally and never transmitted anywhere beyond the OpenAI API call for meeting context.

Apple Notes

If you enable the Apple Notes export option, KiKu creates notes in your Apple Notes app using macOS automation (AppleScript). This is a local operation between apps on your Mac.

Permissions

KiKu requests the following macOS permissions, each for a specific purpose:

  • Microphone — To capture your voice during meetings and dictation
  • Screen recording — To capture system audio (other participants' voices in calls)
  • Accessibility — To enable system-wide voice dictation, text commands, and Apple Notes integration
  • Calendar — To read upcoming meetings for auto-fill (optional)

Children's privacy

KiKu is not directed at children under 13. We do not knowingly collect any information from children.

Changes to this policy

If we update this Privacy Policy, the revised version will be posted on this page with an updated date. Since KiKu does not collect email addresses or user accounts, we cannot notify you directly — please check this page periodically.

Contact

Questions about this Privacy Policy can be directed to us through kiku-notes.com.