Security & Privacy

We take security seriously. Here's exactly what we do to protect your data today.

Current Security Measures

What we actually implement today to keep your data safe

HTTPS Encryption

All data transmitted between your browser and our servers is encrypted using industry-standard TLS.

No Data Storage

Audio files are processed in memory and immediately deleted. We do not store your audio files.

Secure API

API keys are hashed and rate-limited to prevent abuse. Each key has usage monitoring.

GDPR Compliant

We follow GDPR principles: minimal data collection, user consent, and data deletion rights.

Technical Implementation

Authentication & Authorization

  • NextAuth.js for secure session management
  • JWT tokens with secure HTTP-only cookies
  • Bcrypt password hashing with salt rounds
  • Rate limiting on authentication endpoints

Data Handling

  • Audio files processed in memory only
  • Automatic deletion after processing
  • No training on user data
  • Minimal metadata collection

Infrastructure

  • Hosted on secure cloud infrastructure
  • Regular security updates applied
  • Monitoring for suspicious activity
  • Database encryption at rest

Planned Security Enhancements

As we grow, we're committed to continuously improving our security posture:

  • SOC 2 certification (planned for when we have enterprise clients)
  • Penetration testing (when budget allows)
  • ISO 27001 (future consideration)
  • Dedicated security team (as we scale)

Security Questions?

If you have any security concerns or questions about how we protect your data, please don't hesitate to contact us.