Skip to content

Legal

Privacy Policy

Last updated May 21, 2026

Daisy is a local-first desktop app. It is built so that your meetings stay on your machine. Your recordings, audio, transcripts, summaries, notes, and tags never reach us — they live on your computer, not on our servers. There are only three moments when the app talks to us at all: when you buy a license, when it checks for an update, and when it activates or releases a device seat. That is the whole list. We never see what is in your meetings.

This policy explains, in plain language, exactly what little data Small Bricktory (“the Studio,” “we,” “us”) receives, what stays entirely on your device, and the choices you control. It works alongside our Terms of Service.

What stays on your machine

The following never leaves your device and is never transmitted to us under any circumstance:

  • All meeting content — recordings, audio, transcripts, summaries, notes, and tags. These are written to your local storage and stay there.
  • Voiceprints and speaker voice data. Any biometric voice data Daisy uses to recognize speakers is stored encrypted on your device only. We never receive it, and we cannot access it.
  • Your third-party AI provider API keys. If you connect a cloud AI provider, your keys are kept in an encrypted vault on your device. They are not synced to us.

Because this data lives only on your machine, you control it directly: you can delete recordings, transcripts, notes, voiceprints, and stored keys at any time from within the app, and they are gone.

The three things we actually receive

To be completely explicit, here is the exhaustive list of data that ever reaches our servers, and why.

1. Paid sign-up and payment

When you buy a Daisy license, we collect your name and email address, and your payment is handled by a third-party payment processor. We do not see or store your full card details. We keep a license and customer record containing your name, email, license key, and your purchase and renewal status, so we can deliver and support your license.

2. App update checks

The app periodically asks our server whether a newer version of Daisy exists. Like any normal network request, this can include your IP address and the app version you are running. We use this only to tell the app whether an update is available. Daisy is notify-only — it tells you when an update exists; it does not silently install anything.

3. Device activation and deactivation

When you activate or release a device seat, the app sends your license key and a random per-device install identifier so we can enforce the 3-device limit on each license. We store the license (in hashed form) together with install identifiers and timestamps. The install identifier is a random value generated on your device; it is not tied to your meeting content.

That is the complete list. We never receive your audio, transcripts, summaries, notes, or any meeting content.

In practice, the only personal information we actually store about you is your billing and licensing details — your name, email, and license record. The update-check and activation data above is operational: the install identifier is a random value that is not linked to your identity, and update requests are not used to build a profile of you.

Why we’re allowed to process this data

For people in the European Economic Area and the United Kingdom, data protection law asks us to name a lawful basis for the limited data we handle. As applicable, we rely on:

  • Performance of your license contract — taking payment and providing the software you licensed, including delivering updates and supporting your license.
  • Our legitimate interests — enforcing the per-license seat limit, keeping the service secure and free of fraud, and letting you know when an update is available, balanced against your rights.
  • Your consent — for example, when you ask us by email to notify you about the macOS version. You can withdraw consent at any time.

Third-party AI providers

Daisy can use AI either fully on your device or through a cloud AI provider that you choose.

  • If you stay offline / local, nothing leaves your machine. All processing happens on your device.
  • If you choose a cloud provider and supply your own key, the audio or text you send for processing goes directly from your machine to that provider, under that provider’s own privacy policy and terms. It does not pass through us, and we do not receive a copy. We encourage you to review the privacy policy of any provider you connect.

macOS “notify me” emails

Daisy currently runs on Linux and Windows, with macOS coming. If you email us asking to be notified when the macOS version is available, we use your email address only to send you that one notification. We do not add you to a marketing list, and you can ask us to delete your email at any time.

Our service providers

To run Daisy and the website, we use a small number of trusted providers who process the limited data described above on our behalf, under their own terms and security practices:

  • A payment processor to handle billing and process your payment.
  • Cloud hosting and infrastructure providers to serve this website, run the activation and update endpoints the app talks to, store activation records, and host software downloads.
  • An email provider to send transactional messages and the macOS “notify me” email.

These providers act as our processors and are not permitted to use your data for their own unrelated purposes.

What we never do

  • We do not sell your personal data.
  • We do not use your content, recordings, or transcripts to train AI models — we never receive that content in the first place.
  • We never receive your meetings — your recordings, audio, transcripts, summaries, and notes stay on your machine.
  • We do not run advertising trackers on our website.

Aggregated and anonymized data

We may create and use aggregated or de-identified data — for example, total counts or how widely a given version has been adopted — that does not identify you. This kind of data can be used for any purpose, including understanding and improving Daisy.

Cookies and analytics on this website

Our marketing website is built to respect your privacy. We use minimal, privacy-respecting tooling — only what is needed for the site to function and to understand aggregate, non-identifying traffic. We do not use advertising or cross-site tracking cookies, and we do not build advertising profiles about you.

Data retention

On-device data (recordings, transcripts, notes, voiceprints, keys) is retained on your machine until you delete it. We never hold a copy. For the limited data we do hold, we keep license and customer records for as long as your license is active and for a reasonable period afterward to meet legal, tax, and accounting obligations. Activation records and install identifiers are kept while the license is in use so we can enforce the device limit, and update-check logs are retained only briefly. macOS notify-me emails are deleted once the notification has been sent or on request.

Your rights

Depending on where you live, you may have the right to access, correct, or delete the personal data we hold, to receive a copy in a portable form, to object to or restrict certain processing, and to withdraw consent you have given. To exercise any of these, email us at studio@smallbricktory.com, and we will respond within the time required by applicable law. Note that deleting your customer record may deactivate your license.

In practice, much of this is straightforward: because most of your data (recordings, transcripts, notes, voiceprints, and keys) lives only on your device, we simply never hold it, and you manage and delete it directly within the app.

Security

Data exchanged with our servers is encrypted in transit. On your device, sensitive data such as voiceprints and your provider API keys is stored encrypted. License and customer information we hold is protected with appropriate safeguards, and license keys are stored in hashed form. We use reasonable technical and organizational measures to protect the limited data we hold, and we keep what we hold to a minimum precisely so there is little to protect. That said, no method of transmission over the internet or method of storage is 100% secure, and we cannot guarantee absolute security.

If something goes wrong

If a breach affecting your personal data occurs, we will notify you and the relevant authorities where and as required by applicable law.

Children

Daisy is not directed to children under the age of digital consent in their jurisdiction (for example, 16 in parts of the European Union), and is not intended for use by them. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

International transfers

We are based in British Columbia, Canada, and Daisy is used worldwide. The limited data we hold, and the information handled by our service providers, may be processed in Canada, the United States, and elsewhere. Where required, we rely on appropriate safeguards for such transfers, such as Standard Contractual Clauses or adequacy decisions. By using Daisy, you understand that this limited data may be processed outside your country of residence.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be made clear. Your continued use of Daisy after an update means you accept the revised policy.

Governing law

This Privacy Policy is governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein. It works alongside our Terms of Service. Nothing in this policy limits or waives any non-waivable rights you have under the laws of your country of residence.

Contact

Questions about this policy, or want to access or delete your information? Email us at studio@smallbricktory.com.