Nuance’s offerings are a bit of an alphabet soup; but the major breakdown is between the ones that do speech to text locally(the boxed retail ‘Dragon Home’, its ‘legal’, ‘medical’, ‘law enforcement’ and ‘professional’ flavors; and the Dragon SDK, client and server) and the various faces of Nuance’s cloud-based service; either sold under one of their brands(“Dragon Anywhere”, “Dragon Medical One”) or integrated into 3rd party products through their SDK.
Of note, their ‘standard’ SDK appears to be cloud-only; and points users with medical needs to their healthcare specific offering which offers
“Global, enterprise-class, speech
platform with hosted (USA only)
and on-premise (EMEA, APAC,
and LATAM only) configurations”
so, apparently, in the US the answer is “Our cloud is totally HIPAA compliant, so like it.”; but I can only assume that somebody in the EU and elsewhere sent them a stern nastygram about storing and processing medical data in American jurisdiction.
The one somewhat curious thing is their “Dragon Anywhere” offering. They pitch it as being an ‘enterprise’ thing; and it is included in the upsell with some of their volume licence-management stuff for professional versions of Dragon; but all the “Data Policy” has to say is
“By using Dragon Anywhere, you expressly consent and agree that Speech Data, which may contain personal information, shall be stored and processed in the United States. “Speech Data” means the audio files, associated text, transcriptions and log files provided by you or generated in connection with Nuance Products.”
Which does tell you what jurisdiction ‘the cloud’ is in; but isn’t much of a privacy policy. The datasheet notes that “All client/server communication is encrypted” and “user accounts are password protected” and “Dragon Anywhere does not access content on your device, such as contacts or your location. You control what data is available to the system, based on what you dictate”; all of which beat the alternatives; but still don’t amount to much of a privacy policy for what you do dictate; what with dictation being the whole point and all.
So, um, that’s my rambling not-really-answer. There’s the client/local server stuff; the “I’m Hip to HIPAA” cloud for Americans, the locally hosted version of that for foreigns; and the ‘it’s private as in hopefully protected from hackers’ consumer cloud stuff.
Presumably, customers more serious than the ‘Emerald’ SDK tier get their own privacy policy; and may also get to run the cloud-ified versions of Dragon locally on their systems, if their checks are big enough; but that would be between them and Nuance.
