On-Device Transcription for Research Interviews and Session Notes

The workflow problem

Qualitative researchers, clinicians, therapists, physicians, case managers, coaches, social workers — a surprising number of professions depend on recording conversations that, by the terms of the professional relationship, cannot leave the device they were recorded on.

This creates an awkward situation with transcription. Transcription is genuinely useful for this kind of work. Researchers need interview transcripts for coding and analysis. Clinicians benefit from session notes that capture more than what the clinician remembered to type afterward. Therapists sometimes work from transcripts when reviewing a session or consulting with a supervisor. But the dominant transcription tools on the market — the ones that come up first when you search — all route your audio through a third-party cloud service, which for confidentiality reasons makes them structurally wrong for this kind of work, regardless of how good their accuracy is.

The result, historically, has been a mix of workarounds. Some people transcribe manually, which is accurate but enormously time-consuming. Some people do without transcripts and work from the recording and their notes. Some people negotiate with their institution's IT department for an enterprise transcription service that will sign the right paperwork, which mostly only works for large, well-funded institutions. Some people use cloud services anyway and hope the relevant policies hold.

On-device transcription — the audio never leaving the device — is a direct answer to the underlying privacy problem that drives all of those workarounds. This post is about how that changes the workflow, and how to think about it carefully.

An important caveat up front

Before anything else: on-device processing addresses the privacy concern but does not by itself constitute regulatory compliance. HIPAA, FERPA, GDPR, IRB protocols, institutional information security policies — these each have procedural and documentation requirements that live separately from the underlying technology.

If your work is subject to any of those frameworks, the right move is to take the specifics of on-device processing — what it does, what data is or is not transmitted, where it is stored — to the person or committee responsible for your compliance and ask whether it meets their requirements. Most of the time, the architecture is the part they were actually worried about, and an on-device workflow will be easier to approve than a cloud one. But the approval still has to happen through your institution's process. This post is not legal advice, and no transcription app is a substitute for your IRB or your compliance officer.

With that said:

What on-device processing actually means

The distinction that matters for this use case is between two things that sound similar but are not.

"Secure cloud processing" means your audio is transmitted to a server, processed there, and transmitted back. The security claim is about transit encryption, storage encryption, access controls, and the vendor's own practices. Those protections can all be real and still not answer the question of whether the audio can be on someone else's server at all, which is often the underlying question that drives the policy.

"On-device processing" means the audio is read by the app on your device, processed by a model that runs on the device's own hardware, and the output is written back to local storage. Nothing is transmitted. The security claim is architectural: the server is not part of the picture.

For work where the concern is not "is the vendor trustworthy" but "can this audio leave the device at all," on-device is the answer. The conversation does not need to be about access controls or SOC 2 reports or business associate agreements, because the thing that those documents are trying to govern — data leaving your possession — is simply not happening.

MinuteONE is an on-device transcription app for iPhone, iPad, and Mac. The transcription is performed by Apple's on-device speech recognition framework, running on the Neural Engine. The summarization and extraction of structured information from the transcript is performed by Apple Intelligence, also on-device. There is no server component to the app. MinuteONE does not have an account system, does not have a backend, and does not transmit anything.

Workflow: research interviews

A common shape for qualitative research: the researcher conducts a series of semi-structured interviews, records each one, and eventually transcribes them for coding and thematic analysis.

The on-device version of that workflow:

- Record the interview on an iPhone, iPad, or directly on a Mac. MinuteONE can do live transcription in this mode, with the transcript appearing as the interview is happening — useful as a capture sanity check. Alternatively, record on whatever hardware you have been using and import the file afterward.

- Import the audio to MinuteONE on a Mac for processing. The transcript generates locally. A summary of the interview and any extracted action items generate locally, from the transcript, using Apple Intelligence.

- Export the transcript to plain text or PDF. Plain text imports cleanly into NVivo, Atlas.ti, Dedoose, or whatever qualitative analysis tool you use for coding.

- Archive the audio and the transcript on the same device, or sync across your devices via iCloud, or export to an encrypted local archive — however your data management plan handles retention. Because the tool does not have a cloud component, your retention policy stays under your control.

What this avoids: the step where you would otherwise be uploading participant audio to a cloud transcription vendor, with the attendant question of whether your IRB approved that, whether the vendor will sign the right agreements, and what your participants consented to when they agreed to be recorded.

For graduate students and early-career researchers specifically, there is a budget dimension here too. Institutional cloud transcription services are often billed back to the PI's grant. If you do not have a PI, or the grant does not cover it, you are often personally paying cloud transcription subscriptions on a stipend. Five dollars, once, is a notably different shape of expense than fifteen dollars a month forever.

Workflow: clinical and therapeutic session notes

This use case needs to be treated carefully, because the range of practice is wide and the regulatory context varies.

Some clinicians record sessions for their own review, supervision, or note-generation purposes, with appropriate informed consent from the client. Those recordings are, by the terms of the professional relationship and the governing regulations, not something that should be on a third-party server. The workflow question is: once you have the recording, how do you turn it into useful artifacts — session notes, review material, supervision prep — without violating that?

On-device processing is the mechanism that answers the architectural side of that question. The audio stays on your device. The transcript stays on your device. The summary and any extracted structure stay on your device. You control retention, you control deletion, and you are not dependent on a third party's policies.

What this does not do — and it is important to be specific — is substitute for your own compliance work. You are still responsible for:

- Obtaining appropriate informed consent to record.

- Following your licensing board's requirements around session recordings.

- Maintaining appropriate device security (strong passcodes, full-disk encryption, physical access controls).

- Handling retention and deletion per your practice's policy and any applicable regulation.

- Consulting with your practice's compliance officer or legal counsel about whether on-device AI transcription is appropriate for your specific context. (In particular, the question of whether AI-generated summaries of session audio should exist at all, and how they should be handled if they do, is not a question that technology answers. It is a practice and policy question.)

If those considerations check out, the mechanics are straightforward: import the recording, get the transcript and summary, export what you need, delete what you do not. Nothing in that flow crosses the device boundary.

Workflow: medical interviews and case documentation

Similar contours. Physicians, physician assistants, and other clinicians who conduct patient interviews have legitimate interest in transcription for documentation and review purposes, and equally legitimate concerns about patient data leaving the device.

The architectural answer is the same: on-device processing keeps the audio, the transcript, and any generated structured output on your device. The procedural answer, again, runs through your organization's compliance framework, not through anything the app vendor can unilaterally provide. Most hospitals and clinics have policies about AI tools and patient data that need to be consulted regardless of where the processing happens.

What is worth noting is that many of those policies were written with cloud transcription services in mind, and may treat on-device processing as a materially different category. It is often worth asking the question specifically rather than assuming the default answer.

On exports and retention

One thing that matters in regulated-adjacent work that does not always matter elsewhere: being able to get your data out, and being able to delete it.

MinuteONE exports to:

- PDF, for archival and sharing

- Plain text, for import into analysis tools, electronic health records, or research data management systems

- M4A, for the underlying audio if you need to retain it

Deletion is local. When you delete a transcript or a recording from MinuteONE, it is deleted from your device. There is no server copy to coordinate with. There is no vendor to request deletion from. This matches well with retention policies that require verifiable deletion.

FAQ

Does MinuteONE claim HIPAA compliance?

No, and be wary of any app that makes a blanket HIPAA claim. HIPAA compliance is a property of how you use a tool in the context of your covered entity's policies and agreements, not a feature of the tool alone. What MinuteONE does provide is on-device processing, which is the architectural property that most HIPAA concerns about transcription are actually about. Whether that satisfies your organization's specific HIPAA compliance program is a question for your compliance officer.

Is it appropriate for qualitative research under IRB approval?

On-device processing is generally easier to get IRB approval for than cloud processing, because it does not involve transmitting participant data to a third party. Whether it is appropriate for your specific protocol is a question for your IRB. Bring them the specifics of what the app does and does not do.

Is the audio encrypted?

Audio and transcripts are stored on your device, protected by your device's full-disk encryption (enabled by default on iOS, and optional but available on macOS via FileVault). MinuteONE does not add a second layer of app-specific encryption. For most uses this is fine; if you have specific requirements around application-level encryption beyond device-level, your compliance team should be consulted.

What about iCloud sync?

iCloud sync is optional. If enabled, it uses iCloud's standard sync mechanisms (which are encrypted in transit and at rest under Apple's terms). If your compliance framework does not permit iCloud storage of the relevant data, leave sync off and use the app in single-device mode. The app works equally well either way.

What happens if I stop using the app?

Your data stays on your device. There is no vendor-side retention because there is no vendor side. Export what you want, delete what you do not, uninstall the app — all of that is local.

Does the summary generation work the same way?

Yes. The summarization, action-item extraction, and decision extraction run on-device using Apple Intelligence on the Neural Engine. The transcript is the input; the output is written back locally. Nothing about the summary pipeline involves transmission.

MinuteONE is on the App Store for iPhone, iPad, and Mac. For the broader case for on-device transcription, see the main post. Nothing in this post is legal, regulatory, or clinical advice, and you should consult your own compliance framework before adopting any new tool for regulated work.