Gistlist

Privacy Policy

Effective date: 2026-04-28

This policy describes how Gistlist, LLC handles personal information when you use the Gistlist desktop app, command-line interface, or MCP server, or visit the Gistlist website.

1. Definitions

These terms have the meanings given to them in our Terms of Service, and are used here for consistency:

  • "Gistlist", "we", "us", "our" mean Gistlist, LLC.
  • "You" and "your" mean the person or entity using Gistlist or visiting our website.
  • "Software" means the Gistlist desktop app, the command-line interface, the MCP server, the Obsidian integration, and any updates or related code we make available.
  • "Services" means the Software plus the Gistlist website.
  • "Your Content" means anything you record, transcribe, write, or generate using the Software, including audio files, transcripts, summaries, prompt outputs, prompt files, and notes.
  • "Personal Information" means information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular individual.

2. Who we are and how to contact us

Gistlist is provided by Gistlist, LLC, a Delaware limited liability company. For any privacy question, request, or correction, email support@gistlist.co.

3. Scope of this policy

This policy covers:

  • The Gistlist desktop app for macOS
  • The Gistlist command-line interface
  • The Gistlist MCP server (used by Claude Desktop and similar clients)
  • The Gistlist website at gistlist.app and gistlist.co

It does not cover the third-party services you choose to use through the Software or the websites linked from it. Those services have their own terms and privacy policies, and you should review them. Section 8 lists the third parties that may receive Personal Information about you in connection with our Services.

4. Personal Information we collect

The table below describes the categories of Personal Information we collect, the kinds of data each category includes, and how we obtain it.

Category Examples Source
Identifiers Email address, when you contact us for support Provided by you
Internet or network activity IP address, user-agent string, page-view and event data, request metadata, approximate location derived from IP, the version of the Software you are running when it checks for updates Automated, from your browser or from the Software when you use it
Communications content The body of any support email you send, including any attachments Provided by you

The Software processes Your Content locally on your device. We do not receive or access Your Content unless you choose to send it to us, for example by including a transcript or audio file in a support request. When you choose to use a cloud language-model or transcription provider through the Software, Your Content goes from your device directly to that provider; it does not pass through Gistlist. See Section 7.

5. How we use Personal Information

We use the Personal Information described in Section 4 for the following purposes. Where the GDPR or UK GDPR applies, the lawful basis for each purpose appears in parentheses.

  • To answer your support email and any reasonably foreseeable follow-up (legitimate interest in supporting our users; performance of pre-contractual or contractual steps where applicable).
  • To operate, secure, and distribute the Services, including hosting the website, distributing builds of the Software, and serving update checks (legitimate interest in operating and maintaining the Services).
  • To understand basic website traffic and improve the website (legitimate interest in understanding aggregate use of the Services).
  • To comply with our legal obligations and to enforce our terms (legal obligation; legitimate interest in protecting our rights and property).

We do not use Personal Information to make automated decisions that produce legal or similarly significant effects on you. Outputs from speech recognition and language models are tools you review, not decisions we make about you.

6. Information that stays on your device

The Software runs on your machine. Audio recordings, transcripts, summaries, prompt outputs, prompt files, configuration, the local meetings index, and any speech-recognition or language-model weights you install all live on your disk. We do not operate a server that receives or processes Your Content. For a description of the on-device architecture, see Privacy architecture. If anything in that page conflicts with this policy, this policy controls.

7. Cloud providers you choose to use

The Software supports a small set of cloud providers for language-model inference and speech-to-text. They run only when you select them, and they use your own API key.

You decide whether to send Your Content directly to a cloud provider, and that provider processes Your Content under its own terms and privacy policy. Gistlist does not receive, proxy, retain, or act as a processor or sub-processor for those provider requests. If you use Gistlist for an organization, your organization is responsible for configuring providers consistently with its obligations.

The current cloud providers offered are:

  • Anthropic Claude for language-model inference.
  • OpenAI for language-model inference and for Whisper speech-to-text.

API keys you enter into the Software are stored in macOS Keychain on your device.

8. How we share Personal Information

We share Personal Information with the following categories of recipients, for the purposes shown.

Recipient category Examples Purpose Categories disclosed
Website hosting and content delivery Vercel Serving gistlist.app and gistlist.co Internet or network activity
Software distribution and update checks GitHub (GitHub Releases) Hosting downloads of the Software and serving update-check responses Internet or network activity (including the version of the Software you are running)
Setup-wizard download hosts osxexperts.net (FFmpeg/FFprobe for Apple Silicon); evermeet.cx (FFmpeg/FFprobe for Intel Macs); the Ollama release host on GitHub (Ollama binary); the Astral python-build-standalone release host on GitHub (managed Python runtime, Apple Silicon only); pypi.org (Python packages used by the Parakeet transcription path); the Hugging Face model registry (Parakeet model weights); the Ollama model registry (Ollama model weights, when you pull a model) Delivering pinned third-party binaries, Python packages, and model weights when you run the Setup Wizard or pull a model Internet or network activity (and, for the model registries, the name of the model you are pulling)
Email host for support email Our current provider Receiving and replying to support email Identifiers and communications content
Web analytics PostHog Understanding basic website traffic Internet or network activity and an analytics identifier
Legal and safety recipients Courts, regulators, law enforcement When we are compelled by law or it is necessary to protect rights, property, or safety The categories the legal request requires
Successors in interest An acquiring entity in a merger, acquisition, reorganization, or sale of assets Continuity of the Services The categories described above, with notice as required by law

Update requests from the Software may include the app version, the platform, and standard HTTPS request metadata, but do not include an account identifier or a device identifier.

The third parties listed above process Personal Information under their own terms and privacy policies. You should review them. We do not control how those third parties operate, and we are not responsible for their practices.

We do not "sell" or "share" Personal Information as those terms are defined under the California Consumer Privacy Act and the California Privacy Rights Act, including for cross-context behavioral advertising. We do disclose Personal Information to service providers acting on our behalf, as described in this section.

9. Cookies, local storage, and similar technologies

Our website uses PostHog for analytics. PostHog processes your IP address, user-agent, page-view and event data, and an analytics identifier; it may set cookies or use persistent browser storage to count unique sessions. We do not display a cookie banner. The downloadable Software uses no cookies and includes no analytics.

10. Retention

  • Support email. As long as we need it for the original request, our legal obligations, security, and reasonable business records, then deleted or archived in line with our email host's controls.
  • Website analytics. Held by our analytics provider in line with that provider's default retention.
  • On-device data. The Software stores audio, transcripts, summaries, prompt outputs, configuration, and the local meetings index on your disk. Retention of audio is governed by your Settings → Storage → Audio File Retention choice (described at Audio storage & retention). We have no role in deleting any of it.

11. Security

We hold a small amount of Personal Information with our service providers (support email handled by our email host, and website-analytics records held by our analytics provider), and that small footprint is the most important part of our security posture. We use standard practices to protect that data. If a security incident affects your Personal Information and the law requires notice, we will notify you and any required authority within the timeframe the law requires.

12. International transfers

Support email and website-analytics records may be processed in the United States. Where required by law, the standard cross-border transfer mechanisms (such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses) apply.

13. Your privacy rights

We hold a small amount of Personal Information about you, and that limits how much most of these rights can do in practice. They still apply.

California

We provide the rights below to California residents on a voluntary basis, regardless of whether the California Consumer Privacy Act / California Privacy Rights Act technically applies to Gistlist as a "business." (Whether it applies depends on, among other things, whether we exceed the then-current adjusted CCPA revenue threshold, whether we process the Personal Information of 100,000 or more California residents or households, or whether we derive 50% or more of our revenue from selling or sharing Personal Information.) We will honor these rights for California residents who request them:

  • The right to know what Personal Information we have collected about you and how we use it.
  • The right to delete Personal Information we have collected about you.
  • The right to correct inaccurate Personal Information.
  • The right to opt out of the "sale" or "sharing" of Personal Information for cross-context behavioral advertising. We do not "sell" or "share" Personal Information in those CCPA/CPRA senses, and we have not done so in the preceding 12 months. There is therefore nothing to opt out of, but the right is yours.
  • The right not to be discriminated against for exercising any of these rights.

Sources of Personal Information. We collect Personal Information from you (when you write to us or use the Software), from your browser (when you visit the website), and from the Software (when it checks for updates).

Sensitive Personal Information. We do not intentionally collect sensitive Personal Information to infer characteristics about you. If you include sensitive information in a support request, we use it only to respond to and manage that request, and we apply the retention rule in Section 10. Transcripts and other meeting content that may contain sensitive information are processed locally on your device and are not received by us.

To exercise any of these rights, email support@gistlist.co.

European Economic Area, United Kingdom, Switzerland

If you are in the EEA, the UK, or Switzerland:

  • The data controller is Gistlist, LLC.
  • The lawful bases on which we process Personal Information are listed in Section 5: primarily legitimate interest for support email, operating the Services, basic website analytics, and protecting our rights and property, and legal obligation where applicable.
  • You have the rights of access, rectification, erasure, restriction of processing, portability, and objection. You have the right to withdraw consent at any time, and the right to lodge a complaint with your local supervisory authority.
  • We do not have a designated Data Protection Officer and are not required to appoint one.
  • Based on our current limited processing and market posture, we do not believe we are required to appoint an EU or UK representative under Article 27 of the GDPR or UK GDPR. We will reassess if our offering to, or monitoring of, individuals in the EEA or UK changes in scale or nature.

To exercise any of these rights, email support@gistlist.co.

14. Children

Gistlist is not directed to children under 18, and we do not knowingly collect their Personal Information.

15. Changes to this policy

If we change this policy in a material way, we will post the new version with a new effective date.

16. Contact

For any privacy question, request, or correction, email support@gistlist.co.

← Back to home