Overview
Steno is a privacy-first, open-source meeting notes application that runs entirely on your local device. We are committed to protecting your privacy and being transparent about our data practices.
Data that stays on your device
The following data is processed and stored exclusively on your Mac and is never transmitted to any external server:
- Audio recordings of your meetings
- Transcriptions generated by the local Whisper model
- AI-generated summaries, action items, and key points
- Session names, folders, and organizational data
Google Calendar integration (optional)
If you choose to connect Google Calendar, Steno accesses your calendar data with the calendar.readonly scope. This means:
- Steno can only read your calendar events — it cannot create, modify, or delete events
- Event data (titles, times, attendees, descriptions) is fetched directly from Google's API to your device
- Calendar data is held in memory only and is never written to disk or sent to any third-party server
- OAuth tokens are encrypted using macOS Keychain (via Electron safeStorage) and stored locally
- You can disconnect Google Calendar at any time from Settings, which revokes access and deletes stored tokens
Google user data: collection, use, and protection
This section describes how Steno handles data received from Google APIs, in compliance with the Google API Services User Data Policy.
Data accessed
When you connect Google Calendar, Steno accesses the following Google user data via the calendar.readonly scope:
- Calendar event titles and descriptions
- Event start and end times
- Attendee names and email addresses
- Event metadata (location, recurrence, status)
Data usage
Google Calendar data is used solely to:
- Display your upcoming meetings within the Steno interface so you can quickly start recording a session
- Auto-populate meeting names and attendee lists for your transcription sessions
Google user data is never used for advertising, profiling, or any purpose unrelated to the app's core meeting-transcription functionality.
Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models. Data retrieved from Google Workspace APIs (including Google Calendar) is used solely for the user-facing features described above and is never used as training data, fine-tuning data, or input to any AI/ML model — generalized or otherwise.
Data sharing
Steno does not share, sell, or transfer Google user data to any third party. Calendar data stays entirely on your device and is never sent to Steno servers, analytics services, or any other external service.
Data storage and protection
- Calendar event data is held in memory only while the app is running. It is never persisted to disk.
- OAuth refresh and access tokens are encrypted at rest using macOS Keychain via Electron's safeStorage API, which provides OS-level encryption tied to your user account.
- All communication with Google APIs occurs over HTTPS/TLS.
Data retention and deletion
- Calendar event data is not retained — it exists only in application memory and is discarded when the app is closed or when you navigate away from the calendar view.
- OAuth tokens are retained locally until you disconnect Google Calendar.
- To delete all Google data: Open Steno Settings and click "Disconnect Google Calendar." This immediately revokes the OAuth token with Google and deletes all stored credentials from your device.
- Uninstalling Steno also removes all locally stored tokens and data.
- You can also revoke access at any time from your Google Account permissions page.
Analytics (optional)
Steno includes optional, privacy-safe analytics via PostHog to help improve the product. This can be disabled in Settings. When enabled, we collect:
- Anonymous usage events (e.g., "recording started", "summary generated")
- Duration buckets (e.g., "5-15 minutes") — never exact durations
- App version and platform information
We never collect or transmit: audio content, transcript text, summary content, file paths, meeting names, or any personally identifiable information.
Third-party services
Steno connects to the internet only for:
- Google Calendar API (if connected by you)
- PostHog analytics (enabled by default — can be disabled in Settings)
- Checking for app updates via GitHub
Contact
For privacy-related questions, open an issue on GitHub or reach out on Discord.