When a lawyer dictates case strategy into a microphone, that audio is privileged. When a doctor dictates patient notes, that data falls under HIPAA in the US and GDPR in the EU. When a financial consultant dictates a client report, that content is bound by NDA.
Cloud dictation tools send this audio to external servers for processing. Local tools don’t. That’s not a philosophical preference. It’s a compliance requirement that determines whether you can use the tool at all.
Below: why cloud dictation creates real risk for professionals handling confidential information, what happened when the industry standard died, and what local alternatives exist today.
The confidentiality problem with cloud dictation
Every major cloud dictation tool works the same way. Your voice is recorded, compressed, and transmitted over the internet to the company’s servers. There, it’s transcribed by AI models running on their infrastructure. The text comes back. The audio stays.
Tools like Otter, Google Docs voice typing, and Wispr Flow all follow this model. Even Apple’s built-in Dictation sends audio to Apple’s servers before returning text.
Encryption in transit doesn’t solve the problem. The issue isn’t interception — it’s what happens after your audio arrives.
Data stored on third-party infrastructure. Your voice recordings sit on servers you don’t control, in data centers you can’t audit, managed by employees you’ve never vetted. For a law firm handling a sensitive merger, that’s unacceptable.
Retention policies you don’t control. Cloud providers set their own data retention schedules. Some keep audio for hours. Others keep it for months. Some keep it indefinitely unless you manually delete it. You have no guarantee that deletion is complete once data has been replicated across backup systems.
Subpoena risk. Audio stored on a third party’s servers can be subpoenaed. If a transcription service holds recordings of your privileged legal conversations, opposing counsel may be able to compel their disclosure. Discovery disputes over cloud-stored communications are increasingly common.
Training data risk. Many cloud transcription services use customer audio to improve their AI models. Read the fine print. If the privacy policy says they may use your data to “improve services,” your privileged conversations could be feeding someone else’s machine learning pipeline.
For lawyers, this creates a direct conflict with attorney-client privilege. The privilege protects confidential communications between attorney and client made for the purpose of legal advice. Voluntarily transmitting those communications to a third-party server may waive that privilege, or at minimum create a credible argument that it was waived.
For healthcare professionals, the risk is regulatory. HIPAA requires covered entities to ensure the confidentiality of protected health information (PHI). Using a cloud transcription service for patient notes means that service is handling PHI, which triggers Business Associate Agreement requirements, breach notification obligations, and potential fines up to $50,000 per violation.
For consultants and financial professionals, it’s contractual. Most client engagements include confidentiality clauses. Routing client information through a third-party transcription service may violate those clauses, even if no breach actually occurs.
Dragon is dead. What now?
For 25 years, Dragon NaturallySpeaking was the answer. Nuance built specialized editions for the exact professionals who needed privacy: Dragon Legal for law firms, Dragon Medical for healthcare. Both processed speech locally. Both cost accordingly — $300 to $700 per license.
Then Nuance killed the Mac version in October 2018 with no transition plan. Users who’d paid $300+ were stranded.
In 2022, Microsoft acquired Nuance for $19.7 billion. In 2023, Microsoft discontinued Dragon Home and Dragon Professional v15. Today, only Dragon Professional v16 remains. It’s Windows-only. It costs $699. And Microsoft’s strategic focus has shifted to cloud-based healthcare AI, not desktop dictation.
Professional Mac users who need private dictation have been underserved for nearly eight years. Some run Windows in virtual machines. Some stopped updating macOS to keep old Dragon versions alive, creating security vulnerabilities. Some gave up on dictation entirely and went back to typing everything.
That’s not a reasonable set of options for professionals who dictate hours of notes daily.
What professionals actually need from dictation
The requirements are consistent across professions:
100% local processing. Audio must never leave the device. Not encrypted-then-uploaded. Not temporarily-stored-then-deleted. Never transmitted at all. This is the non-negotiable requirement that eliminates most tools immediately.
Speed that doesn’t interrupt workflow. A lawyer dictating a deposition summary doesn’t want to wait 2-3 seconds after each sentence for cloud round-trips. Dictation needs to keep pace with speech.
Works in their tools. Lawyers work in Word, Outlook, legal practice management software, and court filing systems. Doctors work in EHR systems, email, and referral letter templates. The dictation tool must work wherever they type, not just in its own app.
Reliable accuracy. Medical terminology, legal terms of art, client names, case citations. The tool needs to handle specialized vocabulary without constant correction.
No usage limits. A busy lawyer might dictate four to six hours of notes in a day. A doctor doing end-of-day documentation might dictate for two hours straight. Per-minute pricing or daily caps don’t work for professional use.
Simple setup. These are professionals, not developers. If the tool requires command-line configuration, model downloads from GitHub, or troubleshooting Python dependencies, it’s not a professional tool.
The local alternative
Dictato, a local dictation app, processes everything on your Mac. No internet connection required. No cloud servers. No audio transmission. No third-party data retention.
Here’s how it works: you speak, the AI model running on your Mac’s hardware transcribes your speech, and the text appears in whatever app you’re using. The audio is processed in memory and discarded. Nothing is stored. Nothing is transmitted. There’s nothing to subpoena, nothing to breach, nothing to retain.
Cost: $9.99 for two years. Compare that to Dragon’s $699 one-time license fee. For a solo practitioner or small practice, this changes the economics of dictation entirely.
Latency: approximately 80ms. That’s faster than Dragon ever was (200-500ms) and dramatically faster than cloud tools (1-3 seconds). At 80ms, text appears as you speak. There’s no waiting, no lag, no interruption to your thought process.
Three transcription engines. Dictato ships with Parakeet (25 languages, fastest performance), Whisper (99 languages, broadest coverage), and Apple SpeechAnalyzer. You choose the engine that fits your workflow. For English-language legal and medical dictation, Parakeet delivers the best combination of speed and accuracy.
Universal app support. Dictato types into any text field on your Mac. Word, Outlook, Gmail, Chrome, Safari, Slack, any EHR system with a text input, any legal practice management tool, any app at all. It uses macOS text injection, so it works everywhere, not just in apps with specific integrations.
AI proofreading via Apple Intelligence. On macOS 26 and later, Dictato polishes transcriptions using Apple’s on-device AI — grammar correction, filler word removal, formatting adjustments. The proofreading step also runs locally, keeping everything on your machine.
Translation across 30 languages. For international cases, multilingual patients, or cross-border consulting engagements, Dictato translates your speech on-device. Speak in English, get text in French. Useful and private.
Toggle mode for long sessions. Press once to start dictating, press again to stop. No need to hold a key. For a doctor doing 45 minutes of end-of-day documentation or a lawyer dictating a lengthy case memo, toggle mode is essential.
Professional use cases
Law firms
Dictate case notes between client meetings. Draft client memos by voice while the conversation is fresh. Dictate first drafts of court filings, motions, and briefs. Summarize depositions by speaking your observations immediately after the session ends.
Dictato works in Word for document drafting, in Outlook and Gmail for client correspondence, and in any legal practice management tool (Clio, MyCase, PracticePanther) that has text input fields. The text injection is universal, so there’s no need to check app compatibility.
For firms where multiple attorneys share machines or use different Macs, the $9.99 price point makes per-seat licensing trivial. Compare that to managing Dragon licenses at $699 each.
Medical practices
Dictate patient encounter notes during or after appointments. Draft referral letters to specialists. Document treatment plans and follow-up instructions. Create clinical summaries for insurance or prior authorization.
Toggle mode is particularly useful for clinical documentation. Start dictating when the patient leaves, speak your notes naturally for five to ten minutes, stop when you’re done. No key-holding, no repeated activation.
Because Dictato never transmits audio or text, there’s no PHI leaving the device. The dictation tool doesn’t become a business associate. You don’t need a BAA with Dictato. Your compliance documentation is simpler because there’s one fewer third party handling patient data.
Consulting and finance
Dictate client reports, strategy documents, investment analyses, and board meeting summaries. For consultants working under NDAs with multiple clients, cloud dictation creates a messy confidentiality picture. Which client’s data is on which server? What happens if the transcription service is breached? With local processing, those questions don’t arise.
Financial professionals handling material non-public information have additional obligations. Routing MNPI through a cloud transcription service could create insider trading liability if that service is breached. Local processing eliminates that vector entirely.
Comparison: local vs. cloud for regulated professionals
| Feature | Dictato (Local) | Wispr Flow / Otter (Cloud) | Dragon Professional (Windows) |
|---|---|---|---|
| Audio stays on device | Yes | No | Yes |
| Mac support | Yes | Yes | No (Windows only) |
| Cost | $9.99/2yr | $12-20/mo | $699 (one-time) |
| Transcription speed | ~80ms | 1-3 seconds | ~200-500ms |
| Internet required | No | Yes | No |
| Works in any app | Yes | Varies | Limited integrations |
| Setup time | ~2 minutes | Account creation | 30+ minutes |
| BAA required | No (no data leaves device) | Yes (handles PHI) | No (local processing) |
| Active development | Yes | Yes | Unclear (Microsoft pivot) |
For most Mac professionals, the comparison is Dictato vs. cloud tools, since Dragon is no longer available on Mac. If you’re currently running Dragon in a Windows VM specifically for dictation, Dictato eliminates that workaround.
HIPAA and GDPR considerations
A note on compliance: this article doesn’t constitute legal advice. Consult your compliance officer or healthcare attorney for guidance specific to your practice.
That said, the architectural distinction matters for compliance analysis.
HIPAA. The Privacy Rule and Security Rule apply to protected health information handled by covered entities and their business associates. A cloud transcription service that receives patient audio is handling PHI and becomes a business associate, triggering BAA requirements, security safeguards, and breach notification obligations. A local dictation tool that never receives, transmits, or stores PHI outside the device doesn’t become a business associate. The compliance surface area is smaller.
GDPR. The General Data Protection Regulation applies to processing of personal data of EU residents. Voice recordings are personal data. A cloud transcription service processing voice data is a data processor, requiring a Data Processing Agreement, lawful basis for processing, and compliance with data transfer restrictions if servers are outside the EU. A local tool that processes and discards audio on-device doesn’t transfer personal data to a third party. The data processing analysis is simpler.
Attorney-client privilege. The privilege protects confidential communications made for legal advice. Whether transmitting privileged audio to a cloud server constitutes a waiver depends on jurisdiction and circumstances. But the safest position is clear: don’t transmit privileged communications to third parties at all. Local processing avoids the question entirely.
In all three frameworks, local processing doesn’t guarantee compliance. You still need to secure the device, manage access, and follow your organization’s policies. But it eliminates one significant category of risk: third-party data handling.
Making the switch
If you’re a professional currently using cloud dictation or typing everything manually, here’s a practical transition path.
Start with one workflow. Pick the most sensitive category of documents you produce regularly: client memos, patient notes, or confidential reports. Switch that single workflow to local dictation for one week.
You’ll notice two things. First, the speed. At 80ms, dictation feels immediate in a way cloud tools never do. Second, the simplicity. No login, no account, no internet dependency. Press the shortcut, speak, see text.
Once that workflow is comfortable, expand to the rest of your dictation. Most professionals complete the transition within two weeks.
For more on how local speech recognition works and why it matters for privacy, see our detailed privacy guide. If you’re coming from Dragon specifically, our Dictato vs Dragon comparison covers the feature-by-feature differences. For step-by-step setup instructions, see our macOS Sequoia dictation guide.
Keep privileged conversations private. Dictato delivers 100% local voice-to-text for Mac. No cloud. No servers. No audio leaves your device. Download Dictato — $9.99 for two years.