Boswell Privacy Policy
Last updated: 2026-05-29
TL;DR
Boswell is local-first. Your voice memos, transcripts, and meeting recordings stay on your Mac: Boswell never uploads them to a Boswell server. The one exception is buying a license: when you purchase Boswell, your email address and a license key are stored on Boswell's licensing backend so the app can confirm your purchase and let you activate it across your Macs. Optional cloud features (BYOK AI providers, opt-in analytics, app-update checks) only contact the network when you explicitly enable them.
What data Boswell collects
From your recordings, by default, none. Voice memos, transcripts, meeting recordings, summaries, and exports live in your local ~/Library/Application Support/Boswell/ directory. They never leave your Mac unless you choose to send them somewhere: by exporting to a file-picker destination, syncing an Obsidian vault, or configuring a cloud AI provider.
You do not need an account to record, transcribe, or work with your notes locally: that all happens on-device. The only account-like surface in Boswell is the magic-link sign-in to your purchase portal at https://meetboswell.com/account, which exists solely to manage a license you bought. See Payments & licensing below for exactly what that stores.
Payments & licensing
Boswell is a one-time purchase. If you buy a license, a small amount of data is created and stored on Boswell-operated infrastructure: this is the one place Boswell keeps server-side data about you.
What the purchase collects, and where it lives
- Checkout (Stripe). Payment is handled by Stripe's hosted Checkout. Stripe collects the data it needs to process the transaction: your email address, card details, and billing address. Stripe acts purely as a payment-processing conduit: Boswell does not send Stripe any recording content, transcript text, recording or meeting titles, file paths, or usage data, only what is intrinsically necessary to take payment. Stripe never sees your notes. Stripe's privacy policy governs the data once it reaches them.
- Licensing backend (Supabase). After a successful payment, Boswell's licensing backend, hosted on Supabase, stores a license record containing: your email address, a generated license key (the
XXXX-XXXX-XXXX-XXXXcode you paste into the app), the Stripe checkout-session identifier (for support look-ups), the product version your key entitles, and a per-key machine cap (3 Macs by default). - License-delivery & sign-in emails (Resend). Your license key email and the magic-link sign-in emails for the
/accountportal are sent through Resend, fromhello@meetboswell.com.
What activating on a Mac records
When you activate Boswell on a particular Mac, the app sends the licensing backend:
- A salted one-way hash of that Mac's hardware identifier. This is not the raw identifier and cannot be reversed back to your machine or your identity: it only lets the backend tell your Macs apart so it can enforce the machine cap.
- An optional device name you choose (e.g. "MacBook Air M3"), shown on
/accountso you can recognize your own machines. - The app version and macOS version the machine is running (e.g.
1.4.2,26.2.0), and the time the app last checked in.
No IP address, no location, and no geolocation is collected or stored. The activation telemetry is strictly when the app last phoned home and which app/OS build it was running, the minimum needed to show a device's status and version on your account page.
The /account portal
Sign in at https://meetboswell.com/account with a magic link sent to your purchase email to view your license, see and sign out activated Macs, and manage billing (receipts, invoices, and payment method) through Stripe's hosted Customer Portal. If you lose your license email, https://meetboswell.com/recover resends it to your purchase address.
Each processor named above (Stripe, Supabase, Resend) has its own privacy policy, which governs your data once it reaches their service.
Third-party services that may be touched
These are all optional and user-initiated. None run by default.
Apple Developer + Sparkle update server (direct-distribution path only)
If you installed Boswell via the direct DMG download from https://meetboswell.com, the app uses the Sparkle update framework to check for new versions. Sparkle sends a request to Boswell's appcast URL (https://meetboswell.com/appcast.xml) to see if an update is available. The request is anonymous (it carries no user identifier) and exists only so the app can show you the in-app "Update Available" prompt. You can disable update checks in Settings → Updates.
Mac App Store builds of Boswell do not embed Sparkle; updates flow through the App Store instead.
PostHog analytics (opt-in only)
If you turn on analytics in Settings → Privacy → Send anonymous usage data, Boswell sends anonymized usage events (e.g. "user opened the Voice Memo screen") to PostHog. Events do not include the contents of your recordings, transcripts, file paths, or any personally identifying information. Analytics is off by default and can be turned off at any time. PostHog's own privacy policy applies to data once it reaches their service.
Cloud AI providers (BYOK: bring your own key)
If you configure a cloud AI provider in Settings → AI Services (OpenAI, Anthropic, DeepL, Ollama, etc.) for summarization, translation, or cloud STT, Boswell sends the relevant audio or text directly to that provider using your own API key. Boswell does not proxy these requests through a Boswell server, does not log them, and does not see your API key after you enter it (the key is stored in your macOS Keychain). The provider's own privacy policy governs what they do with the data once it leaves your Mac.
You can revoke any provider configuration at any time from Settings → AI Services.
System permissions
Boswell asks for the following macOS permissions at the moment you first use the feature that needs them:
- Microphone: when you start a voice memo, dictation, or meeting mic track.
- Screen recording / system audio: when you start a meeting capture, so Boswell can transcribe system audio from the call. Audio only: no video is captured.
- Accessibility: only if you enable auto-record detection. Boswell reads meeting-app window titles so it only offers to record when you're actually in a call, rather than just because Zoom or Teams is open.
- Input Monitoring: only if you enable system-wide dictation. Boswell watches for your dictation hotkey so you can dictate into any app. Boswell does not log your keystrokes.
- Contacts: only if you opt into speaker-name resolution. Boswell looks up contacts so you can pick a name for each speaker; contact data never leaves your Mac.
- Calendars: only if you opt into upcoming-meeting auto-detection.
Each prompt is the standard macOS prompt; you can revoke any permission later in System Settings → Privacy & Security. Boswell gracefully degrades when permissions are revoked: the relevant feature stops working, but the app continues to run.
Children's privacy
Boswell is a professional productivity tool not directed at users under 13. We do not knowingly collect personal information from children.
Your data rights (GDPR / CCPA)
Local data. Everything Boswell creates from your recordings lives on your Mac. To erase it, quit Boswell, uninstall the app, and delete ~/Library/Application Support/Boswell/. There is no Boswell server holding your notes, so there is nothing on our side to delete.
License & account data (purchasers only). If you bought a license, Boswell holds the server-side data listed under Payments & licensing: your email, your license key, your machines' salted activation hashes, and the activation telemetry (app/OS version and last-seen time). You can:
- See and manage it any time by signing in at
https://meetboswell.com/account, including signing out individual Macs. - Request its deletion by emailing support@meetboswell.com. We will delete your license record and all associated activations. (Note: a refund/chargeback is handled separately through Stripe; deleting your license record removes your ability to re-activate the app.)
Payment records (Stripe). Stripe retains transaction records as the payment processor and may be legally required to keep them for tax and anti-fraud purposes. Stripe is the controller for that data; see Stripe's privacy policy.
Optional analytics (PostHog). If you turned on optional PostHog analytics, anonymized event data may live on PostHog's servers. PostHog provides its own data-subject request flow at https://posthog.com/privacy.
BYOK cloud AI providers. If you configured cloud AI providers, the provider you chose is the data controller for anything you sent to them. Each provider has its own GDPR/CCPA flow.
Changes to this policy
Material changes to this policy are versioned in the Boswell project's git repository. The "Last updated" date at the top is the canonical signal: if it's older than the version you remember, nothing has changed.
Contact
Questions about this policy or your data: support@meetboswell.com.