The Real Talk

Security & privacy without the gloss · last updated 18 June 2026

Most "enterprise security" copy is written to pass a checklist, not to protect you. So here's the honest version — what actually moves the needle, what's mostly theater (the stuff we do included), and exactly where we can and can't see your data. If a claim here ever stops being true, it's a bug.

What actually protects your data

These are the things that change the outcome if something goes wrong. Each one is live, not a roadmap:

Encryption at rest with a key unique to your organisation — on by default. Your meeting content and audio are encrypted in the database with your org's own key. This is application-level, not just "the disk is encrypted" (that only helps if someone steals the physical drive; it does nothing against a leaked database).
Our off-site backups hold ciphertext, not your meetings. The master key that unlocks the data lives only in the live cluster's secret store — it is never written into a backup. A stolen backup is mathematically useless without it.
Crypto-shred erasure. We can destroy your org's key — instantly making all of your encrypted data unreadable on live systems, and unrecoverable from backups once it's purged from the separate key store. "Deleted" means deleted, not "flagged hidden."
EU hosting, EU jurisdiction (Germany), with every sub-processor named on the Data Flows page — including which ones can and can't use your data.
No meeting bot joining your calls, no training on your meetings (contractual, not just a promise), bring-your-own-keys, and a self-hosted mode where your audio never reaches us at all.

Where we draw the honest line

Here's the part most vendors won't print: to turn your audio into a transcript and a summary, a computer has to read it in the clear. During that processing your data is decrypted in memory — on our servers, and (unless you self-host or bring your own keys) briefly at the AI provider that does the transcription/summarisation. That means:

We are not "zero-knowledge" / not end-to-end encrypted while running cloud AI. Nobody doing cloud meeting-AI is, no matter what the homepage says. Encryption protects your data at rest and in backups — not from a server that's actively processing it.
If you need "the vendor genuinely cannot read it," the only real answers are running the AI on your hardware (self-host) or inside hardware-attested secure enclaves — see the roadmap below. A passphrase on top of a cloud service that still processes your data is not that.

What's mostly theater — ours included

If a vendor (us included) leans on these, ask what they actually do:

"AES-256 encryption!"

Fine — but the only questions that matter are who holds the key and who can read it during processing. The cipher is never the weak link.

Compliance badges (SOC 2, ISO, …)

Evidence of process, not of whether the vendor can read your data. Useful, not the same as security. We'll pursue what's genuinely useful, and won't wave a logo as proof.

"Customer-managed keys"

Often the vendor still holds a copy and can decrypt anytime. Real control is the ability to revoke (and the vendor losing access) — we'll build that the honest way when a customer needs it, and say plainly that it's a revocation lever, not secrecy.

"Zero-knowledge" on a cloud AI product

Can't be true while a model reads your words to summarise them. We won't claim it. (See the line above.)

"Bank-grade / military-grade"

Marketing words with no technical meaning. Ignore them.

The honest roadmap

Things we think are real, that we haven't built yet — and we'll tell you when we have:

Confidential computing (hardware-attested secure enclaves): the genuine way to process your data so even we can't read it in memory. Maturing fast; not something we run today.
Customer-revocable keys for organisations that need to pull the plug on vendor access for incident response or compliance — pitched as exactly that, revocation, not "we can't see it."

Questions to ask any vendor (including us)

Can you read my data? If so, when — at rest, during processing, in backups?
Where does my audio actually go, and which third parties touch it? (Ours: Data Flows.)
If I leave, can you prove deletion — including backups?
Is it really end-to-end encrypted during processing? (If it's cloud AI, the honest answer is no.)
What happens to my data if your storage bucket leaks tomorrow?

If those answers are vague, that's the tell. Ours are on the Privacy and Data Flows pages, and we'll answer anything else straight.

Want the unglamorous, accurate version of anything here for your security review? Ask — we'd rather tell you the real trade-offs than win on a claim we can't stand behind. Book a demo or read the Data Flows.