Security & Trust - Meeting Copilot

Security & trust

Your meetings are private.
Your data is yours alone.

A short, plain-spoken account of how we protect what you say and what you upload.

№ 01

All audio and data is encrypted in transit using TLS 1.3 and at rest using AES-256.

№ 02

Recording only happens when you press Start. No passive listening, ever.

№ 03

We're working toward SOC 2 Type II certification for enterprise-grade controls.

№ 04

Hosted on AWS with defence-in-depth, hardware isolation, and automated patching.

№ 05

Your data, your rights. Access, export, and deletion on demand.

№ 06

Our AI providers are contracted to never train on calls or documents you share.

Audio processing: Audio is streamed directly to OpenAI’s Realtime API using ephemeral tokens. We do not store raw audio unless you explicitly enable audio retention.
Transcripts: Transcripts are stored encrypted in our database. You control retention periods (30, 90, or 365 days) and can delete transcripts at any time.
Documents: Uploaded documents are processed, chunked, and embedded for retrieval. Originals are stored encrypted with access controls.

OpenAI: AI processing with data processing agreements — no training on your data.
Supabase: Secure PostgreSQL database with row-level security.
Stripe: PCI-compliant payment processing.
AWS: Cloud infrastructure with SOC 2 and ISO 27001 certifications.

GDPR: We comply with EU data protection regulations. Users have rights to access, export, and delete their data.
CCPA: California residents have additional privacy rights under CCPA.
Recording laws: Users are responsible for obtaining proper consent. We provide visible indicators and notifications to help with compliance.

Notification: Affected users are notified within 72 hours of a confirmed breach.
Remediation: We work with security experts to contain and remediate.
Transparency: Post-incident reports are published openly.
Legal: We comply with all breach notification laws.