HushHush

Privacy Policy

Last updated: June 2026

Protecting your personal data is important to us. This notice explains what data is processed when you visit this website, purchase a Hush license, or activate a license in the app. The Hush app itself processes your speech and transcripts exclusively locally on your Mac — this content is not transmitted to us or third parties.

1. Controller

Martin Kistner
Lorscher Straße 5, 60489 Frankfurt am Main, Germany
E-Mail: [email protected]

2. Hosting, CDN, and server log files

This website is hosted on servers operated by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. For delivery, protection against attacks, and stability, we use Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) as a content delivery network and reverse proxy. When you access the site, information is automatically stored in server log files transmitted by your browser: IP address, date and time of access, page accessed, browser type, and operating system. Processing is carried out to ensure secure and stable operation on the basis of our legitimate interest (Art. 6 (1) (f) GDPR). Data processing agreements pursuant to Art. 28 GDPR are in place with Hetzner and Cloudflare. Cloudflare may transfer data to the USA; Cloudflare relies on EU Standard Contractual Clauses for this. Further information: cloudflare.com/privacypolicy.

3. SSL/TLS encryption

For security reasons, this site uses TLS encryption. You can recognize an encrypted connection by “https://” in your browser's address bar.

4. Payment processing via Stripe

We use Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) as our payment provider. When you purchase a license, you are redirected to the Stripe checkout page. The data required for processing (including name, e-mail address, payment data, and billing address) is transmitted directly to Stripe and processed by Stripe. We do not receive complete payment data. The legal basis is contract performance (Art. 6 (1) (b) GDPR). Data may be transferred to the USA; Stripe relies on EU Standard Contractual Clauses for this. Further information: stripe.com/privacy.

5. Delivery of the license key by e-mail

After a successful purchase, we send your license key to the e-mail address you provide via Stripe. For delivery, we use Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. Your e-mail address and order information are processed for the purpose of delivering the ordered service (Art. 6 (1) (b) GDPR).

6. License activation in the app

When you activate a license key in the Hush app, the app sends a one-time background request to our server (hush-app.uk/api/license/track) after successful local verification. The license key and an anonymous installation ID (random UUID stored locally in your Mac keychain) are transmitted. On the server, we store only a SHA-256 hash of the key — not the key itself — together with the installation ID and activation timestamps. The purpose is to document license activations for abuse prevention and support. Local activation works regardless of whether the request succeeds. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR). Data is stored as long as the license is valid and there is a legitimate interest in tracking.

7. Cookies and storage technologies

This website uses only technically necessary cookies required for operation; no consent is required for these (§ 25 (2) TDDDG). Cloudflare may set security cookies, for example. In addition, the website stores localStorage entries in your browser for your language preference (hush-lang) and color scheme (theme). These serve user convenience only and do not require consent. We do not use analytics, marketing, or advertising tracking.

8. Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21) at any time. Contact us at the address above. You also have the right to lodge a complaint with a data protection supervisory authority.

9. Retention period

We store personal data only as long as necessary for the stated purposes or as required by statutory retention periods (e.g. commercial and tax retention periods for invoice data).