Where is my meeting data stored?

EU data residency by default (Germany or Finland). US and Asia-Pacific regions are available on enterprise request. Your data stays in the selected region on a dedicated, single-tenant instance.

How is VoxeNova data encrypted?

Every instance uses LUKS full-disk encryption with per-customer keys, TLS 1.2+ in transit, and SSH certificate-authority authentication (no passwords).

Does VoxeNova train AI models on my meeting data?

No. AI processing runs via AWS Bedrock (SOC 2, ISO 27001) and customer meeting data is never used to train models.

Who can access my data?

A tiered access model with dual authorization is required for any direct data access, with append-only audit logging and MFA-protected, role-based administrative access.

Is VoxeNova GDPR compliant?

Yes — GDPR-ready with configurable retention, deletion tracking, a DPA, and full data-subject rights. Sub-processors are limited to Stripe (payments) and AWS Bedrock (AI).

Does VoxeNova store the raw audio of my meetings?

No. Call audio is processed in memory only. We do not persist the inbound voice stream or the AI facilitator's spoken responses to disk or object storage; transcripts (text) are stored per your configured retention policy.

VoxeNova — Security

🔒

Encrypted at Rest

LUKS full-disk encryption on every customer instance. Per-customer unique encryption keys managed via Fernet-encrypted secrets delivery.

🏭

Tenant Isolation

Dedicated VM per customer with separate database, Redis instance, and firewall rules. No shared infrastructure between tenants.

🌐

Data Residency

EU data residency by default (Germany or Finland). US and Asia-Pacific regions available on enterprise request. Data stays in your selected region.

🛡

Access Control

Tiered access model (3 levels), SSH certificate authentication, and dual authorization required for any direct data access.

📋

Audit Trail

Append-only audit logging with actor fingerprinting. Every administrative action is recorded with timestamp, actor, and context.

🔐

MFA Admin

Multi-factor authentication required for all administrative access. TOTP-based MFA with role-based access control.

🎤

Call audio: memory only

VoxeNova does not persist call audio. The inbound voice stream and the AI facilitator's spoken responses both pass through memory only — we transcribe in real time, then drop the bytes. Transcripts (text) follow your retention policy.

How We Protect Your Data

NET

Network Security

Cloudflare WAF and DDoS protection in front of every instance. Firewall rules restrict all traffic to Cloudflare IP ranges only — no direct server access from the public internet.

TLS

Transport Security

TLS 1.2+ enforced on all connections. SSH Certificate Authority authentication (no passwords). All internal service communication encrypted in transit.

DSK

Storage Encryption

LUKS-encrypted volumes on every instance. Per-customer unique secrets delivered via Fernet-encrypted blobs. Database credentials isolated with .pgpass per instance.

AI

AI Processing

All AI processing runs via AWS Bedrock (SOC 2, ISO 27001 compliant). Meeting data stays in the selected data region. No training on customer data.

GDP

Compliance

GDPR-ready with configurable data retention, deletion tracking, and DPA acceptance fields. Full data subject rights support (access, rectification, erasure, portability).

Sub-processor Transparency

We are transparent about every third-party service that processes your data.

Processor	Purpose	Compliance
Stripe	Payment processing	PCI DSS Level 1
AWS Bedrock	AI processing	SOC 2, ISO 27001
Recall.ai	Meeting bot	SOC 2
Deepgram	Speech-to-text	SOC 2
Cartesia	Text-to-speech	SOC 2
Hetzner Cloud	Infrastructure	ISO 27001

Questions About Security?

We are happy to discuss our security practices in detail, provide additional documentation, or schedule a security review call with your team.

Contact security@voxenova.com View DPA

Enterprise-Grade Security