Security & Privacy

Designed for sensitive work.

Bzz products are designed for professionals who handle sensitive information — attorneys, healthcare staff, consultants, and executives. Here is exactly how data is handled, where it flows, and what does (and doesn't) leave your machine.

Data handling

What lives on your machine. What touches Hiventiq's cloud. Nothing more.

Data type Local device Hiventiq cloud
Audio No
Transcript No
Documents No
Telemetry Optional Limited
License validation N/A

Telemetry is opt-in, capped to anonymous app-health signals (crash counts, version, OS), and never includes audio, transcripts, document content, or filenames.

Privacy-first architecture

Two halves, separated by intent. The left half handles your work. The right half handles the business of running the software.

Your machine
🎙️ Microphone
⚙️ Local processing
📝 Local transcript
💾 Local storage
— wire —
Hiventiq cloud
🔑 License validation
·
📊 Telemetry (opt-in)
·
🛠️ Diagnostics (opt-in)

Audio never crosses the wire. License validation crosses the wire with a license key and machine identifier — nothing about what you said or typed.

Optional AI rewrite — your provider, your key.

Bzz lets you optionally pass a finished transcript through an LLM for cleanup, formatting, or rewriting. This step is off by default and entirely opt-in.

When you turn it on, you choose where the request goes — Anthropic, OpenAI, Gemini, or a local model bundled with Bzz. Your API key lives on your machine and the request goes directly to the provider you picked. Hiventiq is not in the path. We do not proxy, log, or even see the rewrite.

If you don't want any third party to see the transcript, use the bundled local model or skip the AI step entirely.

HIPAA-friendly design

Bzz is designed to support organizations operating in HIPAA-regulated environments through local processing of audio and transcript data. Because the content of a dictation never leaves the workstation, Bzz reduces the surface area that an organization's compliance program has to cover.

What that means in practice:

  • Audio recordings and transcripts remain on the workstation. They are not transmitted to Hiventiq.
  • Telemetry, if enabled, never includes audio, transcripts, document content, or filenames.
  • License validation transmits a license key and a machine identifier only — no content.
  • Optional AI rewrite goes directly from your machine to the provider you choose. Hiventiq does not proxy or log that traffic.

Important. Hiventiq is not a HIPAA Business Associate by default and does not currently sign Business Associate Agreements. Customers remain responsible for implementing their own compliance programs, including workstation security, access controls, audit logging, and any third-party AI providers they choose to use with Bzz.

Have a security or compliance question?

If you're evaluating Bzz for an organization with specific compliance requirements, we'd rather have a direct conversation than send you to a generic FAQ.