Security · On-device by architecture
Audio never leaves your Mac.
Sussur is not “encrypted in transit” theater. The speech-to-text runs locally on your Mac. The LLM key is yours. The transcripts and persona memory live in SQLite on your laptop. Here is the literal data path.
01 · Source
Your microphone + the meeting app
Zoom, Google Meet, Microsoft Teams, FaceTime, a regular phone call on the desk. Sussur does not need to join the call as a bot.
02 · Capture
macOS ScreenCaptureKit
Native Apple framework. Captures both sides of any audio source on the Mac. Requires explicit user permission. No third-party kernel extension. No bot account joining the meeting.
03 · Transcription
NVIDIA Parakeet TDT v3 · on-device
Open-weights speech-to-text model running on the user's Mac via sherpa-onnx. Sub-200ms latency. Audio bytes are processed in-memory and never persisted to disk by default. Apple SpeechAnalyzer is a viable replacement; we currently prefer Parakeet for accuracy on phone-audio bandwidth.
04 · Coaching
Your LLM API key, your provider
Personal tier: bring your own OpenRouter, Anthropic, OpenAI, or Google key. The provider you choose is the only third party that ever sees a transcript fragment, and only the prompts you opt to send. Business tier: managed Gemini Flash + Opus 4.7 mix with a signed DPA covering both directions.
05 · Storage
SQLite + LanceDB · on your Mac
Transcripts, summaries, persona memory, rapport time series: all stored locally in encrypted SQLite + LanceDB. Nothing ships to Sussur servers. Your call history is portable; you can export the SQLite file at any time.
Four pillars
What we mean by “privacy by architecture.”
- On-device by architecture
  - Not a feature, an architectural decision baked in from the first commit. Sussur was built around sherpa-onnx and Parakeet from day one. Retrofitting on-device into a cloud meeting tool takes a rewrite, not a release.
- EU AI Act Article 50 ready
  - Article 50 transparency obligations land 2 Aug 2026. Annex III high-risk classification does not apply (Sussur coaches the user of the device, not third parties), but the transparency obligations do. We publish them in plain language and provide the disclosure templates business customers need.
- GDPR
  - Privacy Policy + DPA published. Minimal data because audio stays local.
- SOC 2 readiness assessment underway
  - Type II attestation on the Scale tier roadmap. Not shipping a claim we cannot substantiate.