Privacy Policy
Last updated: July 4, 2026
Verba is a local-first transcription tool for therapists and counselors. Your session recordings and transcripts are processed entirely on your own device and are never uploaded to us or anyone else. This policy explains the limited data we do handle — for this website, and for optional app diagnostics — and the choices you have.
The short version
- Your recordings and transcripts stay on your device. We never receive them.
- The desktop app works fully offline. Optional diagnostics are off by default and carry no session content.
- This website uses privacy-friendly analytics that set no cookies and store no identifiers in your browser.
- We don't sell your data, and we don't use it to train AI models.
Who we are
Verba is a desktop application and this website, operated by Via Studio ("we", "us"). We are the data controller for the limited data described in this policy. Questions: hello@verbanote.app.
The desktop app: everything stays on your device
When you transcribe a session, the audio, the transcript, your edits, and any exported files are created and stored locally on your computer, under your operating-system user account. Transcription and speaker separation run on models that ship inside the app and execute on your machine.
We do not receive, store, or have any access to your recordings or transcripts. Because the processing is local, the app can run with no network connection at all.
Because recordings are processed only on your device, you (or your practice) are the data controller of your clients' information under laws like the GDPR and Korea's PIPA; Verba is software you run, and we act as neither a controller nor a processor of your session content.
Optional app diagnostics (off by default)
To fix bugs and understand which features are used, the app can send diagnostics — but only if you turn them on. During first-run setup you can choose "Privacy Mode," which sends nothing, and you can change your choice at any time in the app's settings.
If you opt in, we collect the following, tied to a random device identifier we cannot link to your name or identity:
- Usage statistics: app opened, a transcription started or finished, an export format used, processing performance, and the approximate length band of the audio (never the audio itself).
- Device information: basic hardware specs (CPU, memory, graphics card) and the app version.
- Your first-run setup answers: your role, how you heard about Verba, the kinds of sessions you transcribe, and your language.
- Crash reports: technical error details (such as a stack trace), the app version, and operating-system information.
- We never collect your audio, your transcripts, or any client or session content — in any of the above.
- Turning diagnostics off in settings stops all of these immediately.
This website
On this website we use privacy-friendly analytics to see how many people visit, which pages and buttons they use, and roughly where visitors come from, so we can improve the site. The website never handles any recordings, transcripts, or client information.
- Vercel Web Analytics — aggregate, cookie-less traffic measurement.
- PostHog (EU-hosted) — page views and clicks, routed through our own domain, in a privacy-conscious mode: no profile is built for anonymous visitors, and nothing is stored in your browser.
Cookies and local storage
The website stores one thing in your browser: your language preference (English or Korean), in local storage. Our analytics set no cookies and store no identifiers in your browser. We do not use advertising or cross-site tracking cookies.
You can clear or block local storage in your browser's settings at any time; the site keeps working (it just forgets your language choice).
Who processes data for us
We do not sell your personal data, and we do not share it with third parties for their own purposes. We rely on a small number of service providers that process data only on our behalf:
- Vercel — website hosting and analytics.
- PostHog — app and website analytics.
- Sentry — app crash reporting (only if you enable diagnostics).
- Supabase — storage of your first-run setup answers (only if you enable diagnostics).
Our legal bases (EU/UK)
Where the GDPR applies: we rely on your consent for app diagnostics — you can withdraw it at any time in the app's settings — and on our legitimate interest in understanding and improving this website for the website analytics described above. We never process your session content on any basis; it stays on your device.
Where data is processed
Website analytics are processed by PostHog in the European Union, and by Vercel in the United States and on its global network. If you enable app diagnostics: usage events go to PostHog in the EU; your first-run setup answers are stored with Supabase in Japan — a country the EU recognizes as providing adequate data protection; and crash reports go to Sentry in the United States. Where data leaves the EU, we rely on recognized safeguards such as adequacy decisions, the EU–U.S. Data Privacy Framework, or standard contractual clauses.
Your recordings and transcripts never leave your device, so they are not transferred anywhere.
How long we keep data
We keep the limited data we collect only as long as it is useful for understanding trends and fixing problems, and then delete it or reduce it to aggregate statistics: usage statistics and website analytics for up to [24 months], crash reports for up to [90 days], and first-run setup answers for [retention period to be confirmed]. We hold no session content, so there is nothing of yours to retain.
Your rights
Depending on where you live — including under the EU GDPR and Korea's PIPA — you may have the right to access, correct, or delete personal data we hold, and to object to or restrict certain processing. If you've enabled diagnostics, you can withdraw that consent at any time in the app's settings, and you can ask us to delete the diagnostics data associated with your device. Because what we hold is identified only by a random device ID, we may need your help (your device ID from the app's settings) to locate it.
To make a request, contact hello@verbanote.app. You also have the right to lodge a complaint with your local data-protection authority.
Children
Verba is a professional tool for licensed clinicians and trainees. It is not directed to children, and we do not knowingly collect data from children.
Security
For the limited data we handle, we take these measures: we collect no direct identifiers (no names or emails), all transmission is encrypted in transit (HTTPS/TLS), access to our processing systems is restricted, and we oversee the service providers listed above.
Your session content is protected by your own device, since it never leaves your machine. The app does not additionally encrypt its local files, so we recommend a strong login password, full-disk encryption (such as BitLocker), and normal access controls on the computer you use Verba on.
Changes to this policy
We may update this policy as the product evolves. We'll change the "last updated" date above, and for material changes we'll provide a more prominent notice.
Contact
Questions or requests about privacy: hello@verbanote.app. [A privacy officer and a dedicated contact for Korean users will be listed here once finalized.]