Your data stays with you.
The short version.
- Heed runs entirely on your device. Your voice, transcripts, items, and search history never leave your phone.
- We don't have a server for your data. No accounts, no cloud sync, no telemetry, no analytics, no ads, no tracking.
- The only network call is a one-time download of the AI model files (~2.7 GB total) from HuggingFace, with a Cloudflare R2 mirror as a fallback. After that, you can use the app fully offline.
1. Who we are
Heed is an Android application (with iOS planned for a future release) that turns voice notes into sorted, searchable items, all on your device. This privacy policy explains what data Heed handles, where it's stored, and what — if anything — leaves your phone.
For privacy questions, see the contact information at the bottom of this page (section 12).
2. The short version, in plain English
You speak. Heed transcribes you, categorises what you said, and saves it as items inside the app. Every step of that pipeline runs on your device. We don't have a backend to send your data to, and we haven't built one — that absence is the whole product.
The single exception is downloading the AI model files the first time you set up the app. That download contacts HuggingFace and (if HuggingFace is unavailable in your region) a Cloudflare R2 mirror we operate. We explain that call in detail in section 5.
3. What Heed handles on your device
While you use Heed, the following data is created and stored locally on your phone:
- Voice recordings (WAV files in app-private storage). Created when you tap the mic. Deleted automatically once transcription completes, or kept in History if you've enabled that — your choice, in Settings.
- Transcripts of what you said.
- Items Heed extracted from your speech: tasks, shopping items, ideas, reminders, journal entries, and so on, including the category Heed assigned, any reminder time you set, and any tags it attached.
- Search queries you type or speak in Heed's search bar, and the synthesised answers Heed produces.
- Settings you choose: theme, time format, default categories, on-device speech engine, daily-digest preferences.
- Diagnostic logs Heed writes locally to help you (or our support, if you choose to share) understand performance and crash behaviour. These never auto-upload anywhere.
All of the above lives in your app's private storage area. Other apps cannot read it, and Heed does not transmit it.
4. What never leaves your device
To be unambiguous: Heed does not send your voice, transcripts, items, search history, or any other content you create with the app to any server, ours or anybody else's. There is no cloud sync. There are no analytics events. There is no crash-reporting SDK uploading anything. There are no advertising identifiers being read or sent.
You can verify this yourself in Android Settings → Apps → Heed → Mobile data. After the one-time model download (section 5) the number stays at zero, even after weeks of regular use.
5. The one network call: the model download
Heed needs an AI language model and a speech-recognition model to function. These are large files we do not embed in the app itself, because that would bloat the install size and prevent updates. The first time you set up the app — and only then — Heed downloads them:
- Gemma 4 E2B language model (~2.4 GB) from huggingface.co/litert-community.
- Whisper Small speech-recognition model (~280 MB across three files) from huggingface.co/csukuangfj.
- If HuggingFace is unavailable in your region or temporarily down, Heed falls back to a Cloudflare R2 mirror we host at
pub-33cceff19bc44aa1a7a000f377d71685.r2.devwith byte-identical copies. The mirror is verified by SHA-256 hash before use.
The HTTP request to HuggingFace and (if used) Cloudflare consists of standard download metadata: your IP address (so they can return a response) and a generic User-Agent. Neither party is told who you are, what device you're on beyond that, or what you're going to do with the model.
We do not see this request at all. HuggingFace and Cloudflare do see it, in the same way they see any download, and you are subject to their respective privacy policies for that one transaction:
Once the download completes and the SHA-256 of each file is verified, Heed never contacts these endpoints again unless you explicitly delete the model and reinstall it. The app works fully offline from that point on. You can put your phone in airplane mode and use Heed normally.
6. Permissions Heed asks for
The Android system requires apps to declare the permissions they use. Here is the complete list, with why each one is needed:
| Permission | Why Heed needs it |
|---|---|
RECORD_AUDIO |
Recording your voice when you tap the mic. The audio is processed on-device by the speech-recognition model and never sent anywhere. |
INTERNET |
Used only for the one-time model download described in section 5. Once the model is on your device, no further network calls are made. |
POST_NOTIFICATIONS |
Showing reminder notifications you've explicitly set, and a foreground-service notification while voice processing is happening. |
SCHEDULE_EXACT_ALARM · USE_EXACT_ALARM |
Firing reminders at the precise time you asked for ("remind me at 3 pm"), instead of within a fuzzy window the OS chooses. |
RECEIVE_BOOT_COMPLETED |
Re-scheduling your pending reminders after the device reboots, so a restart doesn't lose them. |
FOREGROUND_SERVICE · FOREGROUND_SERVICE_SPECIAL_USE |
Running on-device AI inference (transcription and categorisation) while the app is in the background, with a status notification so you can see what's happening. The "special use" subtype is declared as on_device_ai_processing. |
FOREGROUND_SERVICE_DATA_SYNC |
Used by the model-download flow to keep downloading even if you switch apps, with a progress notification. |
WAKE_LOCK |
Keeping the CPU awake during a voice-processing run so it doesn't slow to a crawl when the screen turns off (e.g., if you record from the lock screen). Released the moment processing finishes. |
VIBRATE |
Standard haptic feedback for notifications. |
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS |
Optional. On phones with aggressive battery management (Xiaomi, Oppo, Vivo, OnePlus, some Samsung configurations), the OS can throttle Heed so much that lock-screen voice notes take minutes to finish. Heed asks for this exemption only if you opt in via Settings → "Allow background processing." You can revoke it any time. |
7. Storage and deletion
All your Heed data lives in your phone's app-private storage area, which is sandboxed by the operating system. Other apps cannot access it without root. Heed itself does not encrypt the database beyond what Android's full-device encryption already provides — so your phone's lock screen is what's keeping your data safe at rest.
Exporting your data
Settings → Data → Export as JSON gives you a complete copy of your items, recordings metadata, transcripts, and categories in a machine-readable file. You pick where to save it.
Deleting your data
You have several ways to remove data:
- Delete a single item — long-press in the category screen, or open it and tap delete.
- Delete a recording — in History, swipe or open the recording detail.
- Wipe everything — Android Settings → Apps → Heed → Storage → Clear data. Removes the database, all recordings, all settings, and the downloaded model. The app returns to a fresh-install state.
- Uninstall the app — removes everything Heed ever wrote to your device. Because nothing was ever uploaded, there is no copy elsewhere.
8. Security
Heed is open about how it works. The core privacy claim — "nothing leaves the device except the model download" — is structurally enforced: the app contains no analytics SDK, no crash-reporter SDK, no advertising library, no Firebase, no Google Sign-In, and no remote API client. You can verify this with a network monitor (e.g., your router logs, or an on-device packet capture tool) on a real device.
The one-time model download is verified by SHA-256 hash before the file is loaded — a corrupted or tampered file is detected and rejected.
Because Heed has no servers, there is no server-side data breach scenario for your content. The remaining attack surface is your physical device; we recommend the usual precautions (a strong lock screen, OS updates, full-disk encryption — which is standard on modern Android).
9. Children's privacy
Heed is not directed at children under 13 (or the relevant age in your jurisdiction). We do not knowingly collect personal information from children. Because Heed does not collect personal information from anyone, this is structurally true rather than a promise we have to actively enforce — but we want to be explicit about it.
10. International users
European Economic Area / United Kingdom (GDPR)
Under the GDPR, you have rights to access, correct, delete, restrict, and port "your personal data" held by data controllers. Heed does not act as a data controller for the content you create in the app — that data lives only on your device, under your direct control. You can therefore exercise all of those rights directly: open the app, view, edit, delete, or export, as described in section 7. We hold no copy.
If you contact us using the channel listed in section 12, that message is processed only for the purpose of replying to you. The message is the only personal data you would have shared with us, and it is held only for as long as needed to handle your request.
California (CCPA / CPRA)
We do not "sell" or "share" personal information as those terms are defined under the CCPA / CPRA. We do not collect personal information from California residents through the app. The right-to-know, right-to-delete, and right-to-opt-out provisions therefore have no data on our side to act against; everything is on your device.
Other jurisdictions
The structural fact that Heed does not collect or transmit your personal data means most regional privacy regulations (Canada's PIPEDA, Brazil's LGPD, Australia's Privacy Act, India's DPDP Act, etc.) impose no additional obligations on us. If you have a specific question, write to us.
11. Changes to this policy
We will update this policy if we change anything material — for example, adding iOS, adding an opt-in cloud-sync feature (which we have no plans to do), or changing the model-download mirrors. The "Last updated" date at the top of this page reflects the most recent change. Material changes will also be surfaced in the app's release notes.
We will not retroactively expand what data is collected without explicit opt-in from you. If a future feature ever requires sending something off-device, that feature will be disabled by default and clearly described before you enable it.
12. Contact
For privacy questions, data requests, or anything else covered by this policy, please use the developer contact email shown on the Heed listing in the Google Play Store. The Play Store displays a developer email and website link in the listing's "Developer contact" section by Google's policy.
If Heed isn't yet listed on the Google Play Store at the time you're reading this, the page will be updated with a direct contact channel before public release.
This page is plain HTML, has no third-party scripts, sets no cookies, and uses no tracking pixels. The only third-party request it makes is fetching the Geist and Instrument Serif typefaces from Google Fonts on first load (cached by your browser thereafter). If you would prefer the page never contact Google Fonts, your browser's "block third-party requests" or an extension like uBlock Origin will substitute system fonts without affecting readability.