Compare dictation apps
An honest look at how DuckType compares on pricing, features, privacy, and technical choices.
| DuckType | Wispr Flow | Willow Voice | SuperWhisper | AquaVoice | |
|---|---|---|---|---|---|
| Pricing | |||||
| Free tier | Unlimited offline + BYOK | 2,000 words/week | 2,000 words/week | Limited (local models only) | 1,000 words (one-time) |
| Paid plan | $3-4/mo | $15/mo | $15/mo | $8.49/mo | $8/mo |
| Features | |||||
| Offline transcription | Paid only ($15/mo) | ||||
| Cloud transcription | |||||
| Bring your own API key | Pro only | ||||
| AI post-processing | |||||
| Custom dictionary | 5 entries (free) | ||||
| Text shortcuts | |||||
| Privacy & Security | |||||
| No screen/app scraping | |||||
| No URL logging | |||||
| Opt-out telemetry | |||||
| Technical | |||||
| App technology | Rust (Tauri) | Electron | Swift / Electron (Win) | Swift | |
| Download size | ~29.6 MB | ~238 MB | Small (native) | Small (native) | |
| Independent (not VC-backed) | |||||
Based on publicly available information and static analysis of application bundles. Last updated 20 March 2026.
Security findings
Wispr Flow: extensive data collection
Inspection of Wispr Flow's own application logs shows it actively reading the accessibility tree of whatever app you're using. Its logs record traversing the full element hierarchy (up to 9 levels deep, 75+ elements), reading selected text ranges, and capturing textbox contents before and after dictation. This happens on every app switch, including browsers where the visited URL is also logged.
Network capture (mitmproxy) confirms this data leaves the machine. The telemetry volume was high enough to trigger rate-limit responses from the receiving servers.
Static analysis of the app's local database reveals schemas for storing full window contents (axText, axHTML), screenshots, and pre-existing text in input fields. Code inspection shows an upload queue flag ( needsUploading) that operates independently of the user sharing preference ( shareType), suggesting data may be queued for transmission regardless of consent settings. Our testing also indicates that with privacy mode enabled, additional document context is included alongside transcription API requests.
Network analysis confirms Wispr Flow uses Baseten as its transcription provider (DNS queries to model-v31pl413.grpc.api.baseten.co were observed). Their compliance certifications were issued by Delve, a startup whose audit practices have been publicly questioned . Picking a certifier like this is security theatre. It gives the appearance of being audited without the rigour that actually protects users.
Example: captured log data, 20 March 2026
The following log messages were captured from Wispr Flow v1.4.587 during a single session on 20 March 2026. Every log entry includes textboxMonitoringActive: true . Network capture (mitmproxy) confirms these logs are transmitted to third-party servers.
// App and URL tracking (real URLs included) "Sending application info request for bundle ID: com.apple.Safari and URL: [redacted]" "Sending application info request for bundle ID: com.brave.Browser and URL: [redacted]" // Accessibility tree traversal "Found AXWebArea element in app: com.apple.Safari. Processed 51 elements in 0.05s, reaching depth 7" "Found AXWebArea element in app: com.brave.Browser. Processed 75 elements in 0.02s, reaching depth 9" // Selected text reading "Got selected text range from selectedTextMarkerRange" "Found nested selected text range" "Using contents from nested element" // Textbox content capture "Sending IPC request: TextBoxInfo" "Sending IPC request: UpdateEditedText" "Found dictated text in contents, doing edit analysis" // Baseten transcription (DNS: model-v31pl413.grpc.api.baseten.co) // Memory usage: ~1.1 GB (app_memory: 1128316928)
Findings based on static analysis of publicly distributed application bundles, inspection of local databases, and network traffic capture as of 20 March 2026. Users have a right to inspect software running on their own devices. Server-side behavior was not tested. These findings reflect a point-in-time analysis and may not reflect current versions.
Why it matters
Your voice is personal
When you dictate, you speak your unfiltered thoughts. Messages, notes, sensitive information. The app you trust with your voice should never capture what's on your screen.
Accessibility permissions are powerful
Some dictation apps use accessibility access to read your active window, log which apps and websites you use, and capture selected text. DuckType makes accessibility access optional and never reads your screen.
Aligned incentives
VC-backed dictation companies need growth metrics and data to justify their funding. DuckType is independently built. Your data isn't the product.
Try DuckType
Download for macOS 11 Big Sur and newer, then start dictating in seconds. Bring your own API key or use offline models. No account or credit card needed.
Download for macOS