Security Policy

How we protect your data and ensure service security

Overview

Keeping our customers' data protected at all times is our highest priority. This page provides a high-level overview of the security practices put in place to achieve that objective.

Data Encryption

Encryption in Transit

All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS/HTTPS).

Encryption at Rest

  • All user data, including passwords, is encrypted using industry-standard encryption algorithms
  • Sensitive data is encrypted in the database

Infrastructure

Cloud Infrastructure

All of our services run in the cloud. We don't host or run our own routers, load balancers, DNS servers, or physical servers. Our infrastructure is built on industry-leading cloud providers that provide strong security measures.

Network Security

We monitor and protect our network against unauthorized access using:

  • Firewall that monitors and controls incoming and outgoing network traffic
  • IP address filtering
  • DDoS protection using industry-leading solutions

Application Security

Security Monitoring

  • We use security monitoring solutions to get visibility into our application security
  • We collect and store logs to provide an audit trail of our applications' activity
  • We monitor for exceptions and detect anomalies in our applications

Security Protection

  • We use security headers to protect our users from attacks
  • We follow security best practices and frameworks in our development process
  • We regularly update our dependencies and ensure none have known vulnerabilities

Data Retention

  • Uploaded Media Files: Automatically deleted after 3 months
  • Transcription Results: Retained until you delete them
  • Account Data: Permanently removed within 30 days after account deletion

Payment Security

All payment processing is securely handled by Creem. We don't collect or store any payment information.

Compliance

GDPR

We're compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data.

Employee Access

Our strict internal procedures prevent any employee or administrator from gaining unauthorized access to user data. Limited exceptions can be made for customer support.

All our employees sign Non-Disclosure and Confidentiality Agreements when joining the company to protect our customers' sensitive information.

Vulnerability Disclosure

We encourage security researchers and members of the public to report any potential vulnerabilities they discover in our systems. If you believe you've found a security issue, please contact us promptly.

We will investigate all legitimate reports and do our best to quickly fix any vulnerabilities. We will not take legal action against individuals who discover and report vulnerabilities responsibly.

Contact Us

For security-related questions or incident reports, please contact us.