Privacy Notice

Last updated: 2 June 2026

Sorrel is operated by an independent developer based in Canada, who is the party responsible for (the controller of) the limited personal data described below. Questions or requests: [email protected].

Sorrel is built privacy-first. The short version:

• No analytics. No crash-reporter SDK. No user IDs. No telemetry of any kind.
• No account required. You don't sign in to use Sorrel.
• No clipboard monitoring. Sorrel reads the clipboard only when you press the hotkey, tap Paste, or invoke an App Intent.
• API keys stay on your device. If you enable a cloud voice provider, your key is stored in the macOS Keychain, scoped to this device only.
• History is local. Your recent pastes are stored on-device. Nothing syncs to iCloud or to our servers — we have no servers that receive your text.
• Purchases go through Gumroad. When you buy a license, Gumroad handles the payment under its own privacy policy, and we receive your email address to issue your key. The app itself sends us nothing.

Where your text goes

1. You paste text into the app, or send it via App Intents (Shortcuts).
2. The filter engine strips the patterns you have enabled (URLs, markdown, tables, and so on).
3. If you use an Apple voice or the macOS Spoken Content voice, the text is synthesized entirely on your Mac. Nothing leaves your machine.
4. If you opt into a cloud provider (Google Cloud, Gemini, OpenAI, ElevenLabs), the filtered text is sent to that provider's server over HTTPS using the API key you supplied. Sorrel does not proxy or log these requests.
5. Synthesized audio is cached in your app's local caches directory so replay doesn't re-hit the provider. The cache is capped and purged automatically.

Third-party cloud providers

When you enable a cloud voice provider, that provider receives your filtered text and handles it under their own privacy policy. Sorrel has no agreement with those providers on your behalf, and is not responsible for how they handle your data or what their service produces. If privacy is your priority, use the built-in Apple and Spoken Content voices, which never send your text anywhere.

• Google Cloud Text-to-Speech — cloud.google.com/text-to-speech
• Google Gemini — ai.google.dev
• OpenAI — openai.com/policies/privacy-policy
• ElevenLabs — elevenlabs.io/privacy

Shortcuts and App Intents

Sorrel exposes two App Intents you can wire into Shortcuts: Speak Clipboard and Speak Text. Both run on your Mac. Neither watches the clipboard in the background, and neither sends anything over the network when you use an Apple voice. There is also a "Pause auto-speak from Shortcuts and App Intents" toggle (Settings > Privacy, and a chip on the Home screen); when it's on, Sorrel silently does nothing when a Shortcut or App Intent fires. We do not log when Shortcuts run, succeed, or are silenced.

Transcript view

While playback is active, Sorrel shows the text broken into sentences and highlights the one being read. That view is rendered locally from the text you pasted — nothing about it is sent anywhere or written to disk beyond the normal history entry.

Data you can delete at any time

• History: Settings > Privacy > Purge history.
• API keys: Settings > API Keys > Remove (per provider).
• Audio cache: cycles automatically; to clear it manually, delete the Sorrel Caches directory.

Your data, retention & your rights

The only personal data I hold off your device is the email address Gumroad gives me when you buy a license. I use it solely to issue your license key and answer license or refund questions (my basis is performing your purchase); I keep it while your license is active plus a short period for refund records, then delete it. Gumroad keeps its own copy under its policy. You can ask me to access, correct, or delete that record anytime at [email protected]. If you're in the EU or UK you may also complain to your local data-protection authority; in Canada, to the Office of the Privacy Commissioner.

Contact

For any privacy question, email [email protected].