Privacy and consent
The private path is the default path. On a fresh install, your audio, transcripts, and notes stay on your machine. You do not turn privacy on. You turn it off, deliberately, only when you choose to use an opt-in path.
What stays local
Folio is a local-first application. It captures system audio and your microphone, transcribes on-device, and writes one markdown note per meeting to a vault path you choose. On the default path, none of that leaves your machine.
The guarantees that hold by default:
- No telemetry, no analytics, no crash reporting. This is not a setting you trust us to honor. It is enforced in CI by a dedicated no-telemetry job that runs on every push and pull request to main.
- Audio, transcripts, and notes stay on disk. The recorded streams, the on-device transcription output, and every markdown note are written to your machine and read from your machine.
- Notes are encrypted at rest. Folio encrypts notes with AES-256-GCM, with key derivation through Argon2id.
Local transcription runs through whisper.cpp on-device, and diarization runs on-device as well. Neither path sends audio to a server.
The network surface
It is easier to trust a tool when you can name every call it is able to make. Folio makes only these network calls, and each one can be blocked.
- A one-time model-weights download. On first local transcription or diarization, Folio downloads the model weights once. This is a few hundred megabytes, pulled from Hugging Face and from the sherpa-onnx GitHub releases. After that, the local path needs no network at all.
- The opt-in cloud-AI path. The OpenAI Whisper API is an opt-in fallback for faster cloud transcription on long meetings. It needs an OpenAI key. It is never the default, and you choose when to use it.
- The opt-in webhook path. If you wire up a webhook, Folio can call it. This is opt-in and off until you set it up.
Every item in that list can be blocked. If you never enable the cloud-AI path or a webhook, and you keep the model weights you already downloaded, Folio makes no outbound calls.
Privacy Mode
When you want a hard guarantee instead of a careful configuration, turn on Privacy Mode under Settings then Privacy. Privacy Mode physically blocks every outbound HTTP call except localhost. There is nothing left to forget about and no path to leak through.
The proof is that the app keeps working. With Privacy Mode on, you can turn Wi-Fi off and Folio still records, transcribes, diarizes, and writes notes end to end. The local pipeline does not depend on the network, so removing the network changes nothing about the result.
The one prerequisite is that the model weights are already on disk. If you have run a local transcription or diarization once before, the one-time download has already happened and Privacy Mode has nothing it needs to reach for.
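The rule "block every outbound HTTP call except localhost" depends on deciding correctly what counts as localhost. The following Python check is an added example, not Folio's implementation; the names `is_loopback_url` and `blocked` and the sample URLs are constructed for illustration, and it shows lookalike hosts being refused.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_loopback_url(url: str) -> bool:
    """True only when the URL's host is unambiguously the local machine."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo, port and IPv6 brackets
    except ValueError:         # malformed authority, e.g. unbalanced brackets
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost":
        # Assumes the resolver maps "localhost" to loopback; a stricter guard
        # would also check the address the socket actually connects to.
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Any other name needs DNS and can resolve anywhere. Shorthand forms
        # such as "127.1" or "2130706433" are rejected as well (fail closed).
        return False
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


# Constructed sample URLs, not taken from Folio.
SAMPLES = [
    "http://127.0.0.1:8080/hook",
    "http://[::1]:9000/",
    "http://localhost/api",
    "http://localhost.evil.example/",
    "http://localhost@evil.example/",
    "http://2130706433/",
    "https://cloud.example/v1/transcribe",
]


def blocked(urls):
    """Return the URLs a loopback-only policy would refuse."""
    return [u for u in urls if not is_loopback_url(u)]


if __name__ == "__main__":
    for u in SAMPLES:
        print("allow" if is_loopback_url(u) else "BLOCK", u)
```

A check of this kind has to be applied to every redirect target as well as the initial URL, since a loopback address can redirect to a remote host.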
Data retention
Folio does not hold your data in a place you cannot see. Notes are plain markdown files in the vault path you chose. You can read them, edit them, search them, and back them up with any tool you already use.
Retention is therefore in your hands. A note exists for exactly as long as the file exists. When you delete the file, the note is gone. There is no separate copy to clear and no server-side record to request the deletion of. The on-disk file is the canonical artifact, and the derived index is always rebuildable from the files.
For the full account of what Folio stores and what it never touches, read the privacy document.
Recording consent
Folio gives you a recording tool. Using it lawfully is your responsibility, and the law here is not uniform.
Consent is your responsibility
Recording a conversation can be illegal without the other participants' consent. The rules vary by US state and by country, and many require all-party consent. Folio gives you the tool. Obtaining consent is your responsibility. Tell people before you record.
For the complete and authoritative account of Folio privacy, including the full list of what stays on your machine and what the opt-in paths do, read the full privacy document.