Privacy Policy
Conduck
Last Updated: 2026-06-24
Data Controller: GigaDuck OÜ Tornimäe tn 5, 10145 Tallinn, Estonia Registry code: 17501858 (Estonian Business Register) Email: [email protected] · General: [email protected]
Overview
Conduck is a voice and text client for your own AI assistant. It transcribes your speech and relays your messages to a speech-to-text provider and an AI gateway that you configure and pay for directly. It runs on iPhone, iPad, Mac, Apple Watch, and Apple CarPlay.
The defining fact of this app: GigaDuck runs no servers of its own. GigaDuck OÜ operates no backend, runs no analytics, and never receives your audio, your messages, your AI’s replies, your gateway address, or your access keys. Everything happens either on your device or directly between your device and services you chose.
Key points:
- No backend, no account. We run no servers. You are identified only by a random device ID stored in your device Keychain — never sent to us (we have nowhere to send it).
- By default, your audio never leaves your device. Fresh installs use Apple’s on-device speech recognition; transcription happens locally.
- If you choose a cloud transcription provider, your audio goes directly from your device to that provider using your own API key. We are not in that path.
- Your messages go directly to the AI service you chose — a gateway you run yourself or a hosted AI service you subscribe to (such as OpenRouter) — using your own access token. We never see the address, the token, or the conversation.
- Your conversation history is stored on your device and in your own iCloud (Apple CloudKit private database). We have no access — the same way we can’t read your Apple Notes.
- Read-aloud uses Apple’s on-device voice by default, which sends nothing off your device. If you choose a cloud read-aloud voice, the reply text is sent directly to that text-to-speech provider with your own key. We are not in that path.
- No analytics, no telemetry, no tracking. Zero outbound data to GigaDuck.
1. What We Collect
We collect nothing on any server, because we operate no server. GigaDuck OÜ has no database, no logs, and no analytics that receive any data from this app.
The table below describes where your data lives and who, if anyone, receives it.
| Data | Who receives it | Stored by us? |
|---|---|---|
| Voice recordings | (a) No one when Apple on-device transcription is active — processed locally, then discarded; (b) the cloud transcription provider you selected, sent directly with your key, if you opt into one | No |
| Transcribed text, your messages, and any attachments you send (photos, screenshots, files) | The AI service you configured — a gateway you run or a hosted service such as OpenRouter — sent directly with your token. If you set up a file-server for your gateway, your files are also uploaded there (your own server, a credential stored on your device). | No |
| AI replies (returned to you) | Returned from that service to your device | No |
| Reply text read aloud (only if you choose a cloud read-aloud voice) | The text-to-speech provider you selected — OpenAI, Mistral, ElevenLabs, Gemini, OpenRouter, or a custom endpoint you point to — sent directly with your key, to be turned into spoken audio. The default is Apple’s on-device voice, which sends nothing. | No |
| Conversation history | Your device + your iCloud (Apple CloudKit private database) | No |
| Device identifier | Your device Keychain only | No — never sent to GigaDuck |
| Access keys / tokens (transcription or read-aloud provider, gateway, file-server) | Your device Keychain; sent only to the provider, gateway, or file-server you configured, to authenticate your requests | No — never sent to GigaDuck, never logged |
Data We Do NOT Collect
- No audio, transcripts, messages, or replies on any GigaDuck server (we have none)
- No account, email, name, or contact information
- No analytics or usage events, and no crash telemetry of our own (Apple may provide aggregate, anonymized crash diagnostics through App Store Connect unless you opt out in iOS Settings)
- No advertising identifiers, no fingerprinting, no tracking
- No precise or coarse location
2. How Your Data Flows
Conduck performs up to three independent, device-direct hops, depending on your settings. GigaDuck is in none of them.
Hop 1 — Speech to text.
- Apple on-device (default): audio is transcribed by Apple’s Speech framework entirely on your device. It is never uploaded anywhere. Audio is held in memory only for the duration of transcription, then discarded.
- Cloud provider (optional): if you switch to a cloud transcription provider in Settings, your audio is sent directly from your device to that provider using the API key you entered. If that provider is a hosted AI service or aggregator (such as OpenRouter), it may in turn route your audio to a downstream model provider. That provider processes the audio under its own privacy policy. You chose the provider; you hold the key; you are responsible for that relationship. GigaDuck is not in that path.
Hop 2 — Message to your AI service. Your transcribed (or typed) message, any attachments or screenshots you add, and the prior turns of the current conversation are sent directly from your device to the AI service selected for that conversation, authenticated with the access token you entered. For a self-hosted gateway, that destination is the server you operate. For a hosted AI service such as OpenRouter, that destination is the hosted service and — depending on the model you select — the downstream model provider it routes your request to. The reply is returned to your device. GigaDuck never sees the address, the token, the message, the attachment, the reply, or the conversation.
If you have set up a file-server for your gateway (an optional, advanced feature so the AI’s tools can act on real files — it may run on your gateway machine or a separate one you control), your attachments and files are also uploaded directly to that file-server over HTTPS, using a credential generated on and stored on your device. For photos, the file-server receives the original image with its camera and location metadata intact, whereas the copy sent inline to the AI is downsized with that metadata removed. Files the AI produces can be downloaded back to your device. The file-server is yours; GigaDuck operates nothing here and never sees the credential or the files.
Hop 3 — Reply to speech (optional).
- Apple on-device (default): replies are read aloud by Apple’s built-in voice entirely on your device. The reply text never leaves your device; the synthesized audio is held in memory only during playback, then discarded.
- Cloud provider (optional): if you select a cloud read-aloud voice in Settings, the text of the reply being read aloud is sent directly from your device to that text-to-speech provider, using the API key you entered (the same key as that vendor’s transcription), and the provider returns synthesized audio. If that provider is a hosted service or aggregator (such as OpenRouter), it may in turn route the text to a downstream model provider. You chose the provider; you hold the key; that provider processes the text under its own privacy policy. GigaDuck is not in that path. Read-aloud uses Apple’s on-device voice by default; a cloud voice runs only when you have selected one and you tap Speak on a reply, enable a Spoken Replies option in Settings, or use the app in CarPlay (which always speaks).
Because you bring your own keys and connect to services you chose — whether a server you run yourself or a hosted AI service you subscribe to — the privacy and data-retention terms that apply to these hops are those of the providers, gateway, and read-aloud voice you selected, not GigaDuck’s. We recommend reviewing the privacy policy of any cloud transcription provider you enable, of any cloud read-aloud (text-to-speech) provider you enable, of the AI gateway you operate or subscribe to, and — for a hosted gateway — of the downstream model providers it may route to.
3. Third-Party Services
GigaDuck OÜ does not contract any sub-processors for this app. The third parties below are involved only because of your own configuration or Apple’s platform:
Apple Inc.
- App distribution via the App Store. The app is free for personal and individual use and offers no in-app purchases, so Apple processes no payments for it on our behalf.
- iCloud / CloudKit stores your conversation history and settings in your own iCloud private database, encrypted in transit and at rest by Apple. GigaDuck has no access.
- Watch Connectivity and CarPlay frameworks support the watch and in-car surfaces.
- Apple Privacy Policy
Transcription provider you selected (optional)
If you enable a cloud transcription provider, your audio is sent to that provider under your own account and key. GigaDuck has no contract with them on your behalf, and their handling of your audio is governed by their policy. (The default — Apple on-device transcription — involves no third party.)
AI gateway you configured
The AI assistant you connect to is a service you chose — a server you operate yourself, a custom OpenAI-compatible endpoint you point to, or a hosted AI service you subscribe to. Your messages, attachments, and conversation context go there under your own token. GigaDuck has no relationship with it.
Hosted AI gateway or hosted voice provider, such as OpenRouter
If you configure a hosted service like OpenRouter (as your AI gateway, your cloud transcription provider, and/or your cloud read-aloud voice), Conduck sends your requests directly from your device to that service using your own API key. That hosted service may forward your audio, your messages, attachments, screenshots, conversation context, and — if you chose it as a read-aloud voice — the text of any reply you have it read aloud, to the downstream model provider selected or routed for the request. Their terms, privacy policy, retention rules, and data-transfer safeguards — not GigaDuck’s — govern that processing. See OpenRouter’s Privacy Policy and Terms.
4. Storage and Security
| Data | Location |
|---|---|
| Voice recordings | Not stored. Held in memory only during transcription, then discarded. With a cloud provider, any retention is governed by that provider. |
| Synthesized read-aloud audio | Not stored. Held in memory only during playback, then discarded; never written to disk. With a cloud read-aloud voice, any retention of the reply text you send is governed by that provider. |
| Files uploaded to your gateway’s file-server (optional) | Not stored by us. Held on the file-server you run, under a credential stored only on your device. |
| Transcribed text / messages / replies | Not stored by us. Persisted as conversation history on your device + your iCloud. |
| Conversation history | Your devices + your iCloud private database (Apple CloudKit). Encrypted by Apple. We have no access. |
| Device identifier | Your device Keychain only. Never sent to GigaDuck. |
| Access keys / tokens | Your device Keychain. Sent only to the provider or gateway you configured, to authenticate a request; never sent to GigaDuck. |
Security measures:
- Audio is held in memory and deleted immediately after each transcription (cleanup is enforced on every path, success or failure).
- Access keys and gateway tokens are stored in the device Keychain and are never logged or shown in error messages.
- Connections to your gateway use HTTPS; plain-HTTP gateway addresses are rejected. For a self-signed gateway certificate, you may pin its fingerprint.
5. Data Retention
- On GigaDuck servers: none — we have no servers.
- Audio and read-aloud: not retained by us. On-device transcription and on-device read-aloud discard immediately; a cloud transcription or read-aloud provider’s retention of the audio or reply text you send it is governed by that provider (review their policy).
- Conversation history: kept on your devices and in your iCloud until you delete a conversation in the app, delete the app, or sign out of iCloud. Deleting on one device propagates to the others via iCloud.
- Device identifier / keys / tokens: kept in your device Keychain until you delete the app or remove them in Settings.
6. International Data Transfers
GigaDuck OÜ initiates no international data transfers — we receive no data to transfer. Any transfer that occurs is between your device and a service you chose (a cloud transcription provider, a cloud read-aloud voice provider, your AI gateway, or a hosted AI service and the downstream model providers it routes to), or is Apple’s iCloud handling under Apple’s own published safeguards. A hosted service and its downstream providers may process your data in other countries under their own safeguards. Those transfers are governed by the terms of the service you selected and by Apple’s standard agreements.
7. Your Rights (GDPR)
Because we hold no personal data about you on any server, there is in practice almost nothing for us to access, correct, or erase — and we cannot identify you (we have no account system and never receive your device ID).
You remain in full control of the data the app does touch:
- Your conversation history: view, edit, or delete it directly in the app on any of your devices; deletions sync via iCloud. Removing the app and its iCloud data erases it entirely.
- Your keys and tokens: remove them in Settings at any time.
For any data you believe we hold, or to ask about this policy, email [email protected]; we will respond within 30 days. Under the GDPR you also have the right to lodge a complaint with a supervisory authority; our lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
For data held by a cloud transcription provider or by your AI gateway, exercise your rights directly with that provider — they, not GigaDuck, are the controller for what you send them.
8. Children’s Privacy
Conduck is not directed at children under 16. We do not knowingly collect data from children (and, having no backend, we collect no server-side data from anyone). For questions about the app, email [email protected].
9. Changes to This Policy
We may update this policy from time to time. We will update the “Last Updated” date and post the current version in the app and on our website. Please review it periodically; the current version always governs.
10. Contact
Email: [email protected] Data Controller: GigaDuck OÜ, Tornimäe tn 5, 10145 Tallinn, Estonia · Registry code 17501858 · General: [email protected]