Back to blog Privacy guides
Privacy

The Privacy Tradeoffs in Browser-Based Dictation Tools

A practical privacy checklist for browser-based dictation tools, covering microphone permissions, Web Speech API behavior, cloud processing, local alternatives, and safe usage.

Unspoken Editorial2026-06-094 min read
The Privacy Tradeoffs in Browser-Based Dictation Tools cover image

Short answer

Browser-based dictation is convenient because it works in a tab, but the privacy boundary depends on the browser API, the website, the speech engine, and the app's storage policy. Before dictating sensitive notes in a web tool, check microphone permission, whether speech recognition runs locally or through a service, whether transcripts are stored, and whether the tool sends text to an AI cleanup provider.

Browser dictation privacy is not a single yes-or-no question. A web app may ask the browser for microphone access, send audio to its own servers, use the browser's speech recognition service, process text with a language model, or store transcripts in your account. Each step changes the risk.

The practical question is whether a browser workflow is appropriate for the kind of note you are about to speak.

The browser tradeoff

MDN's getUserMedia documentation explains that browser microphone access requires a secure context and user permission, and that browsers must show indicators when microphone or camera capture is active. Google Chrome Help explains that users can allow microphone access while visiting a site, allow it one time, or never allow it, and can review or remove allowed sites later.

Those browser controls are useful, but they do not answer every privacy question. Permission to use the microphone is only the first boundary. The next boundary is what the site or speech engine does with the audio and transcript after permission is granted.

A data-flow checklist for browser dictation

QuestionWhy it mattersWhat to look for
Who receives audio?Audio is often more sensitive than the final edited note.Local browser recognition, app server, or third-party speech provider.
Is recognition local?Some browser speech APIs can be configured for local processing only when supported.Clear documentation, not just "secure" language.
What is stored?Transcript history can reveal clients, health details, prices, and strategy.Retention controls, delete controls, account storage policy.
What AI cleanup is used?Cleanup can send transcript text to a separate model provider.Provider list, opt-in controls, and zero-retention terms if applicable.
Can access be revoked?Persistent browser permissions are easy to forget.Browser site settings and app-level account settings.

MDN's Web Speech API guide now documents an option to request on-device processing with processLocally, but the page also makes clear that the default value is false. That means buyers should not assume a browser speech feature is local unless the tool says so clearly and the browser supports it.

Browser dictation vs desktop dictation

WorkflowStrengthPrivacy caution
Browser dictationNo install, cross-device access, easy account sync.Audio and transcripts may pass through the site, browser service, or cloud providers.
Cloud dictation appFast models, AI formatting, shared history, team controls.Read retention, training, third-party provider, and diagnostics policies.
Local desktop dictationBest fit for private rough drafts and cursor insertion.Check local transcript history, audio retention, and app permissions.

Competitor privacy pages show why the distinction matters. Wispr Flow's privacy page says transcription happens in the cloud. VoiceInk's privacy policy says local transcription is the default and optional cloud services are opt-in. Those are different privacy models, even if both tools can turn voice into text.

A safer browser dictation workflow

  1. Classify the note before speakingClient names, medical details, legal context, credentials, pricing, and strategy deserve the strictest workflow.
  2. Use one-time permission when testingDo not leave microphone permission open for sites you are only evaluating.
  3. Read the data-flow claimsLook for audio processing, transcript storage, AI cleanup, analytics, and deletion controls.
  4. Keep sensitive rough drafts localUse a local-first desktop workflow before moving only the cleaned text into a browser app.
  5. Review allowed sitesRemove microphone permission for tools you stop using.

Unspoken fits Mac users who want local-first capture before a note reaches a browser-based CRM, document editor, email client, or AI writing tool.

FAQ

Is browser dictation private?

It depends on the site and speech engine. Browser permission controls access to the microphone, but you still need to check where audio is processed, whether transcripts are stored, and whether text is sent to AI providers.

Does Chrome microphone permission mean a site can always record?

Chrome says allowed sites can start recording when you are on the site, and you can review or remove microphone permissions in site settings.

Can browser speech recognition run locally?

Some Web Speech API implementations support requesting local processing, but support and availability vary. Do not assume local processing unless the tool documents it and the browser supports it.

Where does Unspoken fit?

Unspoken fits Mac users who want local-first dictation for sensitive rough drafts before pasting cleaned text into browser tools.

More guides in this topic cluster

These internal guides connect related search intent so readers can move from comparison to a better Mac dictation decision.