Download
Download

Geode Privacy White Paper

Updated for the current Geode architecture • Local by default, cloud only when chosen

Prepared by OmniIntelliLink Pte. Ltd. (Singapore)

Last updated: 2026.04.16

About this document

This white paper explains Geode’s privacy architecture in practical terms. It should be read together with the Geode Privacy Policy. Where there is any inconsistency, the current Privacy Policy governs Geode’s legal processing terms.

1. Overview

Geode is a privacy-first AI transcription and voice recording tool developed by OmniIntelliLink Pte. Ltd. (Singapore), designed to deliver powerful AI features without making cloud transmission the default condition of use.

By default, Geode keeps recording, local transcription, speaker separation, and local summarization workflows on the user’s device across iPhone, iPad, and Mac. Optional cloud transcription and optional cloud summaries are available, but they are never required for normal use.

For users who never opt into cloud features, Geode remains truly local. No audio, transcripts, or summaries are transmitted off the device, and OmniIntelliLink has no technical means to access content that stays within the local workflow.

2. Privacy-by-Design Architecture

Geode follows a privacy-by-design approach aligned with the principles reflected in GDPR Article 25. Privacy controls are built into the product architecture rather than added after the fact.

  • Local by default — default recording and local AI workflows keep recordings, transcripts, speaker-separation output, and local summaries on-device.
  • Cloud only when chosen — audio and related transcript text are transmitted to cloud infrastructure only when the user explicitly requests cloud transcription or cloud summaries.
  • Data minimization — server-side data is limited to account and entitlement records, optional crash diagnostics, optional product analytics, and cloud-processing data strictly required for the requested cloud task.
  • User controls — crash reporting and product analytics are both opt-in and off by default. Users can enable or disable them in Settings at any time.

Unlike cloud-first transcription tools that require uploading all audio to centralized servers, Geode processes most workflows locally on the user’s device. When users do choose optional cloud features, uploaded content is deleted after processing and is not retained for analytics, model training, or future reference.

3. Data Flow and Content Handling

Geode’s data lifecycle remains contained within the device.

Default local workflow:

  1. Recording — audio is captured and stored locally.
  2. Local transcription — speech-to-text processing is performed locally where the user chooses the local transcription workflow.
  3. Speaker separation — speaker separation is performed locally.
  4. Local summarization — summary generation is performed locally where the user chooses the local summary workflow.
  5. Storage — files remain on-device until the user deletes them.

Optional cloud workflow:

  • The selected audio, and where necessary related transcript text, is transmitted securely to Geode’s cloud processing infrastructure solely to perform the requested cloud task.
  • Uploaded audio is permanently deleted immediately after the requested cloud transcription or cloud summary task finishes.
  • Transcript text processed solely to generate a requested cloud summary is deleted once that task is completed, subject only to temporary technical storage strictly required during secure processing and delivery.
  • Cloud processing does not involve human review or listening. Uploaded audio is processed by automated systems and deleted immediately after the requested task is completed.
  • User content is not used to train machine learning or AI models.

4. Minimal Server-Side Data

Geode maintains only limited server-side data required for account operation, feature access, diagnostics, analytics opt-ins, and optional cloud processing.

  • account identifiers and entitlement status required to verify access to free or paid features;
  • support communications sent by the user;
  • limited technical crash logs, but only if the user explicitly enables crash reporting;
  • limited behavioral analytics events, but only if the user explicitly enables analytics sharing; and
  • cloud-processing data strictly necessary to perform an optional cloud transcription or cloud summary requested by the user.

No audio, transcripts, summaries, or other user content are collected for analytics, profiling, advertising, or AI model training.

5. Diagnostics and Analytics Controls

Geode makes crash reporting and product analytics opt-in by default, even though this reduces our visibility into how the product is used. This reflects our view that users should not have to disable tracking — it should be off unless they actively choose to help improve the product.

Crash reporting is opt-in and off by default. No crash logs are collected unless the user makes an active, affirmative choice to enable crash reporting in Settings. If enabled, reports contain only limited technical information such as error codes, device type, operating system version, and app version.

Product analytics are also opt-in and off by default. No behavioral analytics data is collected unless the user makes an active, affirmative choice to enable analytics sharing in Settings. If enabled, Geode may collect limited product usage events such as feature usage, button taps, screen views, and workflow events.

Geode does not integrate advertising SDKs or third-party behavioral tracking tools that operate without user knowledge. Optional product analytics, when enabled by the user, use a limited set of carefully selected service providers under strict data processing obligations and never include audio, transcripts, summaries, or other user content.

6. Security Framework

Geode applies technical and organizational safeguards intended to protect personal data and reduce unnecessary exposure of user content.

  • TLS-based encryption in transit for cloud processing, diagnostics, and analytics transmissions;
  • platform sandboxing and native device protections;
  • access controls and least-privilege restrictions for limited server-side data;
  • retention limits for account, diagnostics, analytics, and cloud-processing data; and
  • incident response procedures, including notification where legally required.

Users remain responsible for securing their own devices. Geode cannot recover local files if they are lost or deleted from the device.

7. Compliance and Governance

Geode is designed to support compliance with major privacy frameworks, including GDPR, CCPA/CPRA, and other applicable laws.

  • data minimization and purpose limitation;
  • privacy-by-design and local-by-default architecture;
  • processor controls and contractual restrictions on service providers;
  • safeguards for cross-border transfers where applicable;
  • no advertising SDKs and no sale or sharing of personal information for cross-context behavioral advertising; and
  • no automated decision-making or profiling that produces legal or similarly significant effects on users.

Where applicable, EEA and UK users may exercise access, correction, deletion, restriction, objection, portability, and consent-withdrawal rights. California residents may also have rights under CCPA/CPRA, including rights to know, delete, correct, and opt out of sale or sharing.

8. International Processing and Additional Technical Information

OmniIntelliLink Pte. Ltd. is based in Singapore. Because Geode includes optional cloud processing and limited server-side operational functions, some data may be processed outside the user’s country depending on the feature used and the infrastructure providers engaged at the relevant time.

Where personal data from the EEA/UK is transferred to a country without an adequacy decision, Geode relies on appropriate safeguards such as Standard Contractual Clauses (SCCs), along with encryption in transit, access controls, and other GDPR-aligned measures where required.

For customers with compliance requirements, additional information about processing infrastructure, encryption controls, and Technical and Organizational Measures (TOMs) may be available upon request.

Compliance and enterprise inquiries

Contact: [email protected]

9. Transparency and User Rights

Users retain control over Geode’s privacy settings. You may:

  • keep all supported workflows local by default;
  • choose whether or not to use optional cloud transcription or cloud summaries;
  • enable or disable crash reporting in Settings;
  • enable or disable product analytics sharing in Settings;
  • access, correct, or delete account-related data where applicable; and
  • contact OmniIntelliLink regarding privacy, safeguards, or applicable data rights requests.

Privacy inquiries may be directed to [email protected].

10. Summary

Geode’s architecture is built around a simple principle: your content belongs on your device by default. Recording, transcription, speaker separation, and summarization all work locally. When you do choose to use optional cloud features, your audio is deleted immediately after processing and is never used to train AI models.

This is how we believe AI productivity tools should work — powerful when you want them, invisible when you don’t, and always under your control.

AI can be powerful without being invasive.

Contact

OmniIntelliLink Pte. Ltd. (Singapore)

[email protected]

Privacy Policy