Does Hushscript keep my audio after transcription?

No. The audio is deleted from the server the moment your transcript is ready: no grace period, no backup bucket, no cold storage, no training copy. The only thing that persists is the transcript text in your dashboard, until you delete that too.

If I upload a video, does the video file leave my device?

No. When you drop a video, the audio track is extracted in your browser before anything is sent. Only the compressed audio reaches the server. The original video file never uploads; it stays on your device the whole time.

Are my transcripts encrypted?

Yes. Transcripts are encrypted at rest, so if our storage were ever leaked, your words would be unreadable ciphertext rather than plain text. The encryption protects against a storage breach; it is not zero-knowledge, since the key is held on our servers so the app can show you your transcript.

How do I know a transcription service isn't training on my recordings?

Ask directly, and read the privacy policy rather than the marketing page. Phrases like "may use your content to improve our services" are a red flag, since that wording usually covers model training. Look for an explicit statement that audio is not used to train or fine-tune any model.

What types of recordings carry the most risk?

Legal consultations, therapy sessions, medical visits, business negotiations, HR interviews, and journalism source recordings are the obvious cases. But any recording with identifiable voices, names, or private details carries some risk if it's stored on a third-party server you don't control.

Is transcription safe for confidential content?

Yes, if you pick the tool carefully. For anything you'd be uncomfortable leaving on someone else's server indefinitely, use a service that extracts audio in the browser, deletes it after transcription, encrypts what it keeps, and states plainly that it doesn't train on your data. Confirm each of those claims in the privacy policy before you upload.

Is It Safe to Upload Audio for Transcription?

Q: Is it safe to upload audio for transcription?

It depends entirely on the tool. The transcription itself is not risky; the risk is what happens to your file afterward. A service that extracts audio in your browser, deletes it the moment the transcript is ready, encrypts what it stores, and doesn't train on your recordings is safe even for sensitive content. One that stores audio indefinitely and is vague about training is not.

May 19, 2026

Uploading audio for transcription is safe when the tool is built for it. The transcription itself isn’t the risk. The risk is what happens to your file once it leaves your device: where it’s stored, how long it lives there, who else touches it, and whether your voice ends up training someone’s model. Most tools default to indefinite cloud storage and quiet data practices, so the safety question is really a question about the specific service you’re about to trust.

This post walks through what actually happens to a file you upload, the four questions worth asking any transcription tool, how Hushscript keeps the exposure small, and the red flags that should make you close the tab. It’s an explainer, not a sales pitch. The questions apply to every tool, including ones that aren’t us.

What actually happens to your audio

When you upload a file, it doesn’t go to one place and come straight back. It moves through several systems, and the privacy question is what each one does with it.

Storage. Most services write your file to cloud object storage (an S3 bucket or the equivalent) before the speech engine ever sees it. That bucket has a retention policy, and for a lot of free tools the policy is never stated. The file might sit there for a day, a year, or until someone remembers to clean it up. Some tools market “keep all your transcripts in the cloud” as a feature, which is a polite way of saying your audio is now part of their permanent state.

Processing. The audio passes through one or more servers running speech recognition, speaker separation, and clean-up. Most companies don’t own the speech engine; they call a third-party API. So a single file can travel through two or three companies’ infrastructure before a transcript comes back, each with its own logging and its own retention rules.

Training data. Speech models get better by training on real audio, and real customer recordings are valuable training fuel. Some services reserve the right to use your uploads for “product improvement” in their terms. This is rarely a clear opt-in box at upload time. It’s usually buried in the terms of service, or switched on by default with an opt-out you have to go find.

Logs. Even tools that delete the audio often keep metadata: when you uploaded, how long the file was, what language was detected, how many speakers. That metadata is far lower-risk than the audio itself, but it’s worth knowing it usually outlives the recording.

The takeaway isn’t that all of this is sinister. It’s that “upload audio, get text back” hides four or five separate decisions, and a tool that’s careful about all of them looks very different from one that isn’t.

The four questions to ask any transcription tool

You don’t need to read a company’s whole engineering blog to judge a tool. Four questions cover most of the risk, and a service that’s thought its data practices through can answer all four clearly.

When is the audio deleted?

The answer you want is “immediately after the transcript is ready,” not “within 30, 60, or 90 days” and not “when you delete your account.” Deletion that needs you to take action means the audio persists by default, and defaults are what actually happen. A fixed retention window of weeks or months means there’s a copy of your recording sitting on a server for that entire time, available to anyone who can reach the bucket.

Does the speech engine keep a copy?

If the service uses a third-party speech API, your audio passes through that vendor too. “We don’t store your audio” from the company you signed up with is not the same as the underlying engine not storing it. Ask whether the speech provider also deletes immediately, or whether it retains audio under its own separate policy. This is the step most people miss, because it’s invisible from the outside.

Is the audio used for training?

The privacy policy is the binding document, not the landing page. Look for specific language about whether recordings are used for model training, fine-tuning, or evaluation. If the policy says something vague like “to improve and develop our services,” assume that includes training until they say otherwise. Ambiguity in a privacy policy tends to resolve in the company’s favour, not yours.

What’s stored, and is it encrypted?

Even with the audio deleted, the transcript usually stays. That’s the thing you came for. A transcript of a confidential conversation is sensitive in its own right. Ask whether stored transcripts are encrypted at rest, so that a storage breach would expose unreadable ciphertext instead of a searchable archive of everything anyone ever transcribed.

These aren’t gotcha questions. A tool that answers all four plainly has earned a closer look. A tool that dodges them has told you something too.

How Hushscript keeps the exposure small

The design principle behind Hushscript is minimal contact: your audio should spend as little time as possible on any server outside your own device, and what does get stored should be unreadable if it ever leaks. That’s the privacy wedge, and it’s worth being concrete about how it works.

Your video never uploads. If you drop a video file, the audio track is extracted in your browser before anything is sent. The extraction runs locally, using a computation library that ships with the page, so your file is read in the tab, not on a server. What reaches us is a compressed audio file, smaller than the original and stripped of all the video data. The video itself stays on your device from start to finish. For a one-hour recording, that’s often the difference between sending a couple of gigabytes of video and sending a few dozen megabytes of audio.

The audio is deleted the moment the transcript is ready. There’s no 30-day grace period, no backup bucket, no cold-storage tier. Deletion is automatic at completion. It isn’t something you request, and it doesn’t depend on you remembering to. The audio is in a transient processing state from upload to transcript, and then it’s gone.

The speech engine retains nothing. The engine that does the transcription doesn’t keep your audio for training, evaluation, or debugging. It processes the file and discards it. So the “does the third party keep a copy” question, the one most tools can’t answer cleanly, has a clear answer here: no.

Your transcripts are encrypted at rest. The transcript that lands in your dashboard is encrypted where it’s stored. If our storage were ever leaked, what an attacker would get is unreadable ciphertext, not a readable archive of your words. To be precise about the limit of that claim: this is leak protection, not zero-knowledge. The key is held on our servers so the app can decrypt and show you your own transcript, so we are not claiming we can’t read it. We’re claiming that a stolen database would be useless without the key, which is the threat encryption-at-rest is actually meant to address.

About certifications. Hushscript doesn’t hold SOC 2 or HIPAA certification. The approach is to keep the exposed surface small in the first place (extract audio in the browser, delete it on completion, encrypt what’s stored) rather than to build a large store of recordings and then certify the controls around it. If a compliance certificate is a hard requirement for your work, that’s a fair reason to choose a certified vendor instead; it’s better to know that up front than to assume it.

The net effect is a short data footprint. Your audio exists on our infrastructure only during the transcription window. Before that, it’s on your device. After that, nowhere, and the transcript that remains is ciphertext at rest. You can see the full flow on the how it works page, and the private transcription page goes into the data-handling specifics.

A worked example: a confidential interview

Say you’re a journalist with a 50-minute recorded interview, in MP4 because you filmed it on a phone. The source asked to stay anonymous. Here’s what happens, step by step, and where the privacy guarantees actually bite.

You drop the MP4 into the preview. No account yet. The page reads the file in your browser and extracts the audio locally. The 1.8 GB video never leaves your laptop; only a small audio file is prepared for the next step.
A 30-second speaker-labeled preview appears. You see the opening exchange already split into “Speaker 1” and “Speaker 2,” so you can confirm the diarization is sensible before committing. This preview is the only genuinely no-account step.
You sign up to transcribe the rest. Transcription is gated, so it needs an account. New accounts get 30 free minutes to try: instantly when you validate a card with a $1 hold that’s authorized and then released right away, never charged, or with your first purchase if you use a payment method available in your country. A 50-minute interview runs past the free 30, so you’d top up; the pricing page has the per-minute cost.
The full audio is transcribed, then deleted. The audio file is processed and removed the moment your transcript is ready. There’s no copy of your source’s voice left on a server.
You relabel and export. You rename “Speaker 1” to the interviewer and “Speaker 2” to the source’s pseudonym, then export to DOCX for the editor and keep a TXT for your notes. The transcript sits in your dashboard, encrypted at rest, until you delete it.

The point of the example: at no stage is the raw video on a server, the audio outlives transcription, or the stored transcript readable by anyone who breaches the storage without the key. That’s the difference between “we transcribed your file” and “we kept your source’s recorded voice indefinitely.”

Common worries, answered

A few situations come up often enough to address directly.

“My file is huge: does that mean a long, risky upload?” A large video means a long local extraction, not a long upload, because the video stays on your device and only the audio is sent. The upload is the audio, which is a fraction of the size. If a tool makes you upload the whole video before it does anything, that’s the opposite trade-off, with the heavy, sensitive file being the one crossing the wire.

“What if the transcript has things I don’t want stored at all?” Export it, then delete it from your dashboard. Once deleted, the transcript text is removed, and there’s no archive of deleted transcripts. If you’d rather not keep even an encrypted copy on our side, that one-click delete after export leaves you with the files on your own machine and nothing on ours.

“I only have an audio file, no video — does browser extraction still matter?” For a plain audio file there’s no video to hold back, so that specific protection doesn’t apply. The ones that still do are the big ones for sensitive work: the audio is deleted after transcription, the engine keeps nothing, and the transcript is encrypted at rest.

“Is a free tool automatically less safe?” Not automatically. But if a tool is entirely free and there’s no obvious way it makes money, it’s worth asking what’s being monetised. Sometimes the answer is the data you’re contributing. A paid or pay-as-you-go tool at least has a funding model that doesn’t depend on mining your uploads.

Stored archive vs. transcribe-and-delete

There are two honest models for a transcription tool, and which one fits depends on what you’re transcribing.

A stored-archive tool keeps your audio and transcripts in a searchable library you can return to months later. That’s genuinely useful if you’re building a personal knowledge base of your own recordings and the content isn’t sensitive, like a podcaster archiving their own episodes. The cost is that a growing pile of your recordings lives on someone else’s server.

A transcribe-and-delete tool, like Hushscript, treats the transcript as the deliverable and the audio as a means to get it. The audio is deleted on completion and the transcript is yours to export and remove. That’s the right model when the recording is confidential and you already have your own copy of the source file, since there’s no reason for the tool to keep one too.

Neither is wrong. But for legal recordings, interviews, therapy notes, or anything with an anonymous source, the second model removes a liability that the first one accumulates over time.

Red flags to watch for

When you’re evaluating any tool, a few signals are worth treating as warnings.

Vague retention language. “We store your files for a reasonable period” or “files may be retained to improve our services” are not commitments. “Reasonable” can mean anything, and “improve our services” frequently covers training.

Training clauses hidden in the terms. Check the “Acceptable Use,” “Content,” or “License” section of the terms of service, not just the privacy policy. Some tools grant themselves a broad license to use submitted content however they like, which can quietly include training a model on it.

No clear answer to a direct question. If support can’t say plainly when audio is deleted or whether recordings are used for training, that silence is itself the answer.

Free with no visible funding model. If a tool is fully free and the economics aren’t obvious, consider whether the product being sold is the data you’re handing over.

Indefinite storage paired with a paywalled export. A tool that stores your audio forever but charges to export the transcript is designed to keep you dependent on its storage, not to hand you control of your own content.

For interviews, legal recordings, or any audio where the content is sensitive, the question that matters isn’t whether the transcript is accurate — it’s whether the audio that produced it stays yours. The private transcription page lays out how Hushscript’s approach compares to the default.

And if you want the deletion mechanics specifically — when it happens, what counts as “deleted,” and why we made that the default — why we delete your audio after transcription covers it in detail.