Legal
Privacy Policy
This privacy policy explains what personal data Squibble GmbH collects when you use Saydrop or this website, and how it is processed and protected. It applies from June 2026 and complies with the Swiss Federal Act on Data Protection (revFADP) and GDPR.
01 Controller
The controller responsible for data processing on this website and the Saydrop service is:
02 Data & Scope
The app (100% local-first)
Saydrop is built for privacy. Audio and transcripts never leave your Mac by default. Transcription (mlx-whisper large-v3) and text cleanup (local Gemma 4 E4B) run entirely on-device. No account is required. No personal data is collected, sent to our servers, or processed for Saydrop's operation.
App logs are stored locally in ~/Library/Logs/saydrop.log and are redacted
(no transcribed text or sensitive content is logged). These logs remain on your machine.
The website & purchase
This static marketing site is hosted in Switzerland and does not collect analytics or tracking cookies. No personal data is collected by the website itself.
Purchases are processed by Paddle.com Market Ltd as Merchant of Record. When you purchase a Saydrop license, Paddle collects your name, email address, billing address, and payment information under their own payment processing service. Squibble GmbH does not receive or store this payment data. See Paddle's Privacy Policy for full details.
Optional cloud cleanup (user opt-in)
By default, all text polishing runs locally on your Mac. If you choose to enable cloud cleanup
(by setting SAYDROP_CLEANUP_BACKEND=gemini and providing your own Google Gemini API key),
your transcribed text is sent to Google's Gemini API under your own account and API key.
This is entirely optional and must be explicitly enabled in your configuration.
Squibble does not store, process, or have access to text sent to Gemini via cloud cleanup. You control this data directly. See Google's Privacy Policy for how they handle data sent to their APIs.
03 Purpose & Legal Basis
| Data | Purpose | Legal basis |
|---|---|---|
| Purchase email (via Paddle) | License activation, receipts, support | Contract (revFADP Art. 6 / GDPR Art. 6(1)(b)) |
| Local app logs | Debugging, troubleshooting (on your machine only) | Legitimate interest |
| Text sent to Gemini (optional, if enabled) | Cloud-based text cleanup (you control via your API key) | Explicit consent / Your instruction |
04 Storage & Retention
Saydrop is designed to minimize data retention and centralized storage:
- App data (transcripts, dictionary, settings): Stored only on your Mac in your user's Application Support folder. Not synced to cloud. Deleted when you delete the app.
- Local logs: Stored in
~/Library/Logs/saydrop.logon your Mac only. Automatically rotated. Never uploaded unless you share them for support. - Purchase data (via Paddle): Retained by Paddle per their standard retention policies (typically for tax/legal compliance, 7 years).
- Cloud cleanup requests (if enabled): Sent to Google's Gemini API. See Google's Privacy Policy for their retention period — Squibble has no copies of this data.
- Website analytics: None collected. No cookies. No third-party trackers.
05 Optional Cloud Services
Saydrop can optionally integrate with cloud services if you explicitly enable them:
| Service | Purpose | Activation |
|---|---|---|
| Paddle.com | Purchase processing, payment, license management | When you buy |
| Google Gemini API | Optional cloud text cleanup (you provide API key) | Opt-in, config setting |
No other third-party services process data on Saydrop's behalf. All other functionality is local-only.
06 Your Rights
Under the revFADP and GDPR you have the following rights regarding your personal data:
- Access (Art. 25 revFADP / GDPR Art. 15): request a copy of all personal data we hold about you.
- Rectification (GDPR Art. 16): request correction of inaccurate data.
- Erasure (GDPR Art. 17): request deletion of your data where there is no overriding legal obligation to retain it.
- Restriction (GDPR Art. 18): request that we restrict processing while a dispute is resolved.
- Portability (GDPR Art. 20): receive your data in a structured, machine-readable format.
- Objection (GDPR Art. 21): object to processing based on legitimate interest.
We respond to all data requests within 30 days. To exercise any of these rights, email hello@squibble.ch with the subject line Data Request and a description of your request.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).
07 Changes to this Policy
We may update this privacy policy as the service evolves or as legal requirements
change. Material changes will be communicated to registered users by email at least
14 days before they take effect. The current version is always published at
saydrop.squibble.ch/privacy.
Last updated: June 2026
08 Contact
For privacy questions, data requests, or DPA enquiries: