Privote

Privacy-first AI meeting assistant with local transcription and self-hosted cloud summarization.

Privote records meetings, transcribes audio locally using Whisper.cpp, and generates AI-powered summaries via your own Cloudflare Worker. Your audio never leaves your device, and you control all your data.

---

Table of Contents

• Features
• Quick Start
• Desktop App Setup
  • Whisper Model Configuration
  • Building and Installing the App
• Worker Deployment
• Usage
• API Key Authentication
• License

Features

Local Transcription

• Record meeting audio or upload existing files (only .wav files are supported)
• Whisper.cpp runs locally for speech-to-text processing
• All audio processing stays on your device
• Easy model switching - choose from Tiny, Base, Small, Medium, or Large models
• One-click model downloads directly from the app settings

AI-Powered Summarization

• Self-hosted Cloudflare Worker processes transcripts
• Llama 3.3 generates concise summaries and extracts action items

Meeting Management

• View all meetings with summaries and action items
• Export meetings as Markdown

Quick Start

Prerequisites

• Node.js 18+ and npm
• Cloudflare account (free tier works)
• macOS (Windows and Linux coming soon)

1. Clone Repository

git clone https://github.com/aaaaayushh/cf_ai_privote.git
cd cf_ai_privote

2. Set Up Desktop App

cd privote-desktop
npm install

# Start the app (development mode)
npm start

Whisper Model Management

The app runs Whisper.cpp locally. You will need to download a model before you can start recording.

Use the built-in model manager

1. Open the app and go to Settings → Whisper Model
2. Select your preferred model from the dropdown
3. Click Download Model to get additional models (Small, Medium, Large)
4. The app automatically detects available models and shows their status

3. Deploy Cloudflare Worker

cd ../privote-worker

# Login to Cloudflare
npx wrangler login

# Install dependencies
npm install

# Create database and initialize schema
npx wrangler d1 create privote-db
# the cli output will ask you if you want to add the database config to wrangler.jsonc, say yes.

# Initialize database schema
npx wrangler d1 execute privote-db --remote --file=./src/schema.sql

# Deploy to Cloudflare
npm run deploy
# Save the Worker URL from output!

4. Secure Your Worker (Recommended)

Protect your Worker with an API key:

# Generate a secure API key
openssl rand -hex 32

Save the API key! You'll need it in the next step.

# Set the name of the secret only (do NOT include your API key on the command line!)
npx wrangler secret put PRIVATE_API_KEY
# When prompted, paste your API key (the long hex string you generated above) and press Enter

# Redeploy with the secret
npm run deploy

5. Connect App to Worker

1. Open the desktop app
2. Go to Settings tab
3. Enter your Worker URL: https://privote-worker.<your-subdomain>.workers.dev
4. Enter your API Key (the one you generated in Step 4) . Click Save Settings

6. Record Your First Meeting

1. Go to Record tab
2. Check the model indicator - shows which Whisper model will be used
3. Click Start Recording (or Upload Audio)
4. Speak for a few seconds
5. Click Stop Recording
6. Wait for local transcription using your selected model
7. Review and upload to Worker
8. View AI-generated summary and action items!

Pro tip: Switch between models in Settings to find the best balance of speed vs. accuracy for your needs!

Note: If you skipped Step 4 (API key setup), your Worker is publicly accessible. See API Key Authentication to add authentication later.

Desktop App Setup

Whisper Model Configuration

For most users: The cloned repository already includes:

• Whisper.cpp binaries
• Built-in model manager for easy switching and downloading
• Ready to use immediately after downloading a whisper model

Just run npm start! Transcription works out of the box.

Model Management Features

• Visual model selector in Settings → Whisper Model
• One-click downloads for additional models

Model Storage Locations

• Binaries: privote-desktop/lib/ (.dylib, .dll, or .so files)
• Models: privote-desktop/models/ (.bin files)

Building and Installing the App

Build the App

cd privote-desktop

# Install dependencies (if not already done)
npm install

# Build for macOS (creates DMG and ZIP files)
npm run build:mac

This will create the following files in the dist/ directory:

• Privote-0.1.0.dmg - macOS installer
• Privote-0.1.0-mac.zip - Portable ZIP archive

Install the App

Option 1: Using the DMG installer (Recommended)

1. Double-click Privote-0.1.0.dmg to mount it
2. Drag Privote.app to your Applications folder
3. Eject the DMG when done
4. Launch Privote from Applications or Spotlight

Option 2: Using the ZIP archive

1. Extract Privote-0.1.0-mac.zip
2. Move Privote.app to your Applications folder
3. Launch Privote from Applications or Spotlight

First Launch Setup

1. Grant microphone permissions when prompted
2. Download a Whisper model in Settings → Whisper Model
3. Configure your Worker in Settings → Cloudflare Worker Configuration

Troubleshooting

App won't launch:

• Check macOS security settings in System Preferences → Security & Privacy
• Click "Open Anyway" if macOS blocks the app

Microphone access denied:

• Go to System Preferences → Security & Privacy → Privacy → Microphone
• Enable Privote in the list

Model downloads fail:

• Check your internet connection
• Ensure the app has network permissions

Worker Deployment

Setup

cd privote-worker
npm install

Database Configuration

1. Create D1 database:

npx wrangler d1 create privote-db
# The CLI output will ask if you want to add the database config to wrangler.jsonc. Say yes, unless you want to add it manually.

2. (Optional) If you did not add the config automatically, update wrangler.jsonc manually with your database ID from the output:

{
  // ... existing config
  "d1_databases": [
    {
      "binding": "privote_db",
      "database_name": "privote-db",
      "database_id": "your-database-id-here"
    }
  ]
  // ... existing config
}

3. Initialize schema:

npx wrangler d1 execute privote-db --file=./src/schema.sql

Local Development

npm run dev

Test endpoints:

# Health check
curl http://localhost:8787/health

# Upload transcript
curl -X POST http://localhost:8787/api/transcripts \
  -H "Content-Type: application/json" \
  -d '{
    "transcript": "Test meeting. John will prepare the report by Friday.",
    "title": "Test Meeting"
  }'

# List meetings
curl http://localhost:8787/api/meetings

Production Deployment

npm run deploy

Save the Worker URL! You'll need it for the desktop app:

https://privote-worker.<your-subdomain>.workers.dev

Secure Your Deployment (Recommended)

Note: API key authentication is recommended for production use. If you haven't already set this up, follow the instructions in API Key Authentication.

Usage

Settings

Configure in Settings tab:

• Worker URL: Your deployed Cloudflare Worker
• API Key: Optional authentication (see API Key Authentication)
• Whisper Model: Select and download Whisper models for transcription
• Auto Upload: Automatically upload after transcription
• Keep Local Copies: Save recordings on device

API Key Authentication

Protect your Worker with API key authentication.

If you followed the Quick Start guide: You already set this up in Step 4.

To set up API key authentication manually:

1. Generate API key:

openssl rand -hex 32

2. Set as Cloudflare secret:

cd privote-worker
npx wrangler secret put API_KEY
# Paste your key when prompted

3. Deploy Worker:

npm run deploy

4. Configure desktop app:
   • Open Settings
   • Enter the same API key
   • Save settings

How it works:

• The worker checks for the X-API-Key header on all /api/* requests
• If API_KEY secret is set but header is missing/wrong, returns 401 Unauthorized
• If API_KEY secret is not set, authentication is disabled (development mode)

Additional Security Measures

Rate Limiting

Enable in Cloudflare Dashboard:

1. Workers & Pages > Your Worker > Settings
2. Add rate limiting rule: 100 requests/10 min per IP

IP Allowlisting

In Cloudflare Dashboard, add WAF rules to block unauthorized IPs.

License

MIT License © 2025

Built with privacy in mind. Your data stays yours.