Trust & Compliance
Attribution-first, citation-grade, EU-resident, and conservative by default — so trust is a setting you can verify, not a promise you have to take on faith.
Transcript turns are attributed to the speaker who said them, and every extracted artefact — each decision, action item, requirement, and risk — links back to the exact source moment it came from. You can always trace a claim to who said it and where.
Each customer runs on a dedicated, single-tenant instance in a region you choose — EU (Germany or Finland), US, or Asia-Pacific. Data stays in-region, on LUKS full-disk-encrypted storage, with TLS in transit and certificate-based SSH access.
Emotion analysis is off by default and fully customer-controlled. Voice and face analysis are auto-disabled in EU regions in line with the EU AI Act's workplace emotion-recognition provisions, and there's a global kill switch. You choose the tier; the conservative default chooses for you.
AI processing runs via AWS Bedrock (SOC 2, ISO 27001). Your meeting content is used to produce your artefacts — it is never used to train AI models. Sub-processors are limited and disclosed.
VoxeNova is GDPR-ready: configurable retention, deletion tracking, a Data Processing Agreement, and support for data-subject access and erasure requests. Administrative access is role-based and MFA-protected, with append-only audit logging; any direct data access requires tiered, dual authorization.
VoxeNova joins as a clearly-identified participant. Capture, retention, and any optional analysis tiers are configurable by the customer, so you can match your own consent and notice obligations in the regions where you operate.
The security page covers tenant isolation, encryption, residency, and sub-processors in full.
See Security