Your data stays yours.
undo builds local-first AI: our products run on your own computer, and the things you create with them — your words, audio, and conversations — never leave your device. This policy explains the limited, non-content data the apps and this website do handle, and your rights over it.
Last updated: 16 June 2026
Local-first by design
undo's applications (such as Speech with Me) run their AI — speech recognition, the language model, and text-to-speech — locally on your own machine. Your conversations, transcripts, saved words, and audio are never transmitted to us or to any third party. There is no cloud processing of your content, and the core apps work fully offline.
Limited, non-content data
Product usage analytics (non-content). To understand how the apps are used and to deliver updates and security fixes, an app may send basic technical data to our service at undo.tech: the app version, operating system, a device/computer name, anonymous install and session identifiers, launch and usage counts, update checks, and coarse hardware/distribution details. This never includes the content you create.
Optional account. You can use the core apps without an account. If you choose to sign in with Google (and, in the future, Apple), we receive your email address, name, and the sign-in provider, and create an account identifier. We use this only to provide your account, updates, support, developer messages, licensing/entitlements, and a remote safety switch for the software.
Website. This website uses only the cookies needed for basic functionality and, if you sign in, your authenticated session. We do not run advertising or cross-site tracking, and we do not sell your data.
Phone Companion.Speech with Me's optional phone access runs a server on your own Wi-Fi so a phone on the same network can talk to your coach. It is off by default and protected by a pairing code; the audio and AI processing stay on your local network — not sent to the internet or to us.
Purposes & legal bases (GDPR)
We process the data above to: operate and improve the products; deliver updates and security/safety controls; provide your account, support, and messages; and, where applicable, manage licensing. Our legal bases (EU/UK GDPR, Art. 6) are our legitimate interests in running and securing the software and understanding aggregate usage; your consent and the performance of a contract where you create an account or purchase a license. You may withdraw consent or object at any time (see Section 7).
Functional & authentication only
We set small, first-party cookies for: anonymous usage measurement (an install identifier and a session identifier, used to count visits and sessions) and, when you sign in, a secure authentication session. We do not use advertising, profiling, or cross-site tracking cookies. You can clear or block cookies in your browser; some account features will then not work.
Service providers, not advertisers
We do not sell your personal data or share it with advertisers or data brokers. We use a small number of processors strictly to run the service:
- Supabase — our database and authentication provider (stores account and usage data).
- Google (and, later, Apple) — only if you choose to sign in with them.
- GitHub — hosts the app download files you fetch from this site.
- Our hosting provider for this website.
We may also disclose data if required by law.
Kept only as long as needed
Usage analytics are retained in aggregate for as long as needed to understand product usage and trends. Account data is kept while your account exists and is deleted on request. Sign-in tokens expire automatically after a period of inactivity. You can erase your data at any time (Section 7).
Access, deletion & control
Under the GDPR, UK GDPR, and similar laws (including the CCPA), you may have the right to access, correct, delete, export, or restrict the processing of your data, to object to processing, and to withdraw consent. To exercise these:
- Use “Delete All My Data” inside the app (Settings → Privacy) to erase your local and server-side data.
- Or email us at hello@undo.tech to access or delete your account data.
You also have the right to lodge a complaint with your local data-protection supervisory authority.
Where data is processed
Our providers may process data on servers outside your country, including outside the EU. Where required, such transfers rely on appropriate safeguards (for example, the EU Standard Contractual Clauses). We keep the data we handle to the minimum described above.
How we protect it
Connections use HTTPS/TLS. Sign-in tokens are stored only as salted hashes server-side and sealed in your operating system's keychain on your device. Administrative data access is restricted, and the products are built so that your content never leaves your machine in the first place. No method is perfectly secure, but we design for least data and least exposure.
Not directed to children
undo's products and this website are not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
“As is”, AI limits & your responsibility
As-is. The software is provided “as is”, without warranties of any kind, express or implied. To the maximum extent permitted by law, we are not liable for data loss, hardware wear or damage (including from intensive on-device AI workloads), downtime, or system errors.
AI accuracy. AI models can produce inaccurate, incomplete, or misleading output, including wrong translations or transcriptions. Do not rely on outputs for critical decisions without verification.
Your responsibility. You are solely responsible for reviewing, validating, and safely running any command or suggestion the software produces.
Updates to this policy
We may update this policy as the products evolve. Material changes will be reflected here with a new “last updated” date. Continued use after an update means you accept the revised policy.
Who is responsible
The data controller for undo and this website is Amir Mehrabiani (operating “undo”), based in Germany. For any privacy request or legal enquiry: