# The Real Talk

*Security & privacy without the gloss · last updated 18 June 2026*

Most "enterprise security" copy is written to pass a checklist, not to protect you.
So here's the honest version — what actually moves the needle, what's mostly
theater (the stuff we do included), and exactly where we can and can't see your
data. If a claim here ever stops being true, it's a bug.

## What actually protects your data

These are the things that change the outcome if something goes wrong. Each one is
live, not a roadmap:

- **Encryption at rest with a key unique to your organisation — on by default.**
  Your meeting content and audio are encrypted in the database with your org's own
  key, at the application layer. Disk encryption only helps if someone walks off
  with the hardware; application-level encryption means a database dump, a leaked
  bucket or a read-only database account yields ciphertext, not meetings.
- **Our off-site backups hold ciphertext, not your meetings.** The master key that
  unlocks the data lives only in the live cluster's secret store; it is never
  written into a backup. Without that key a stolen backup cannot be decrypted:
  there is nothing in it to unlock it with.
- **Crypto-shred erasure.** We can destroy your org's key, instantly making all of
  your encrypted data unreadable on live systems, and unrecoverable from backups
  once it's purged from the separate key store. "Deleted" means deleted, for every
  copy encrypted under that key.
- **EU hosting, EU jurisdiction** (Germany), with every sub-processor named on the
  [Data flows](/data-flows.md) page — including which ones can and can't use your
  data.
- **No meeting bot** joining your calls, **no training** on your meetings
  (contractual, not just a promise), **bring-your-own-keys**, and a **self-hosted**
  mode where your audio never reaches us at all.
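To make the key layout above concrete, here is an added example in Go (illustrative code, not Lexicanon's): a master key that lives only in a key store wraps one key per organisation, the meetings table holds nothing but ciphertext, a backup is a copy of those rows, and destroying the org key is what makes the live rows and every earlier backup unreadable at once. The names (`KeyStore`, `Seal`, `Open`, `Shred`), the choice of AES-256-GCM, and the use of the org ID as associated data are assumptions of the example, not a description of Lexicanon's implementation; the sample transcript is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Illustrative layout, not Lexicanon's code: a master key in a separate key
// store wraps one key per org; meeting rows are sealed under the org key only.

// randomBytes panics if the CSPRNG fails: nothing below is safe to run then.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: every key here is 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// encrypt returns nonce||ciphertext||tag. aad (the org ID) binds a blob to its
// owner, so a row copied into another org's table fails authentication.
func encrypt(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// decrypt fails on a wrong key, a wrong aad, or any tampering with the blob.
func decrypt(key, blob, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// KeyStore stands in for the live cluster's secret store: the master key plus
// each org key wrapped under it. Nothing here is written into a data backup.
type KeyStore struct {
	master  []byte            // AES-256 key-encrypting key
	wrapped map[string][]byte // org ID -> org key encrypted under master
}

func NewKeyStore() *KeyStore { return &KeyStore{randomBytes(32), map[string][]byte{}} }

func (ks *KeyStore) CreateOrg(org string) {
	ks.wrapped[org] = encrypt(ks.master, randomBytes(32), []byte(org))
}

// orgKey unwraps the org key into process memory for one operation.
func (ks *KeyStore) orgKey(org string) ([]byte, error) {
	w, ok := ks.wrapped[org]
	if !ok {
		return nil, errors.New("no key for org " + org + ": unknown or shredded")
	}
	return decrypt(ks.master, w, []byte(org))
}

// Seal produces the only thing the meetings table, and so any backup, stores.
func (ks *KeyStore) Seal(org string, plaintext []byte) ([]byte, error) {
	k, err := ks.orgKey(org)
	if err != nil {
		return nil, err
	}
	return encrypt(k, plaintext, []byte(org)), nil
}

// Open is the one point where plaintext exists: in memory, for the
// transcription or summary step. A live row and a restored one are the same bytes.
func (ks *KeyStore) Open(org string, blob []byte) ([]byte, error) {
	k, err := ks.orgKey(org)
	if err != nil {
		return nil, err
	}
	return decrypt(k, blob, []byte(org))
}

// Shred is crypto-shred erasure: with the wrapped org key gone, every row sealed
// under it, live or in any earlier backup, is permanently unreadable.
func (ks *KeyStore) Shred(org string) { delete(ks.wrapped, org) }

func main() {
	ks := NewKeyStore()
	ks.CreateOrg("acme")
	backup, _ := ks.Seal("acme", []byte("constructed sample: Q3 roadmap sync"))
	// A stolen backup is this blob with no key; guessing one fails authentication.
	_, err := decrypt(randomBytes(32), backup, []byte("acme"))
	fmt.Println("stolen backup:", err)
	ks.Shred("acme") // from here on neither live rows nor the backup can be opened
	_, err = ks.Open("acme", backup)
	fmt.Println("after crypto-shred:", err)
}
```

Two things the example makes visible. `Open` is the step the next section is about: the transcript exists in the clear in the process that called it, whatever the at-rest story. And the stolen-backup property depends entirely on the key store not being part of the backup: if wrapped org keys were backed up next to the rows, an attacker would still need the master key, but a crypto-shred would then have to reach those copies too before "deleted" meant deleted.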

## Where we draw the honest line

Here's the part most vendors won't print: **to turn your audio into a transcript
and a summary, a computer has to read it in the clear.** During that processing your
data is decrypted in memory — on our servers, and (unless you self-host or bring
your own keys) briefly at the AI provider that does the transcription/summarisation.
That means:

- We are **not "zero-knowledge" / not end-to-end encrypted** while running cloud AI.
  **Nobody doing cloud meeting-AI is**, no matter what the homepage says. Encryption
  protects your data *at rest* and *in backups* — not from a server that's actively
  processing it.
- If you need "the vendor genuinely cannot read it," the only real answers are
  running the AI on **your** hardware (self-host) or inside hardware-attested secure
  enclaves whose attestation you verify yourself, rather than taking the vendor's
  word for it. A passphrase on top of a cloud service that still processes your
  data is not that.

## What's mostly theater — ours included

If a vendor (us included) leans on these, ask what they actually *do*:

- **"AES-256 encryption!"** — Fine, but the only questions that matter are *who
  holds the key* and *who can read it during processing*. The cipher is almost
  never the weak link; key handling is.
- **Compliance badges (SOC 2, ISO, …)** — Evidence of *process*, not of whether the
  vendor can read your data. Useful, not the same as security.
- **"Customer-managed keys"** — Often the vendor still holds a copy and can decrypt
  anytime. Real control is the ability to *revoke* (and the vendor losing access).
- **"Zero-knowledge" on a cloud AI product** — Can't be true while a model reads
  your words to summarise them. We won't claim it.
- **"Bank-grade / military-grade"** — Marketing words with no technical meaning.
  Ignore them.

## The honest roadmap

Things we think are real, that we haven't built yet — and we'll tell you when we
have:

- **Confidential computing** (hardware-attested secure enclaves): the genuine way to
  process your data so even we can't read it in memory. Maturing fast; not something
  we run today.
- **Customer-revocable keys** for organisations that need to pull the plug on vendor
  access for incident response or compliance — pitched as exactly that, revocation,
  not "we can't see it."

## Questions to ask any vendor (including us)

- Can you read my data? If so, **when** — at rest, during processing, in backups?
- Where does my audio actually go, and which third parties touch it? (Ours:
  [Data flows](/data-flows.md).)
- If I leave, can you **prove** deletion — including backups?
- Is it *really* end-to-end encrypted during processing? (If it's cloud AI, the
  honest answer is no.)
- What happens to my data if your storage bucket leaks tomorrow?

If those answers are vague, that's the tell. Ours are on the [Privacy](/privacy.md)
and [Data flows](/data-flows.md) pages, and we'll answer anything else straight.

---

*Markdown edition for AI assistants — canonical page: [https://lexicanon.com/real-talk](https://lexicanon.com/real-talk) · Lexicanon.*
