Security & Privacy

Your Conversations Are Sacred

We take the security of your data seriously. Here's exactly how we protect it.

Security Practices

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Your recordings and transcripts are never stored unencrypted.

Authentication

Multi-factor authentication required on all systems. Role-based access control with principle of least privilege.

Data Isolation

Row-level security ensures your data is completely isolated from other users. No cross-tenant data access.

No AI Training

Your conversation data is never used to train AI models. Period. We use Anthropic Claude's API with zero training on customer data.

Data Retention

You control your data. Delete anytime with full cascade deletion. 90-day retention after account cancellation, then permanent deletion.

Monitoring

24/7 automated security monitoring with alerting for unusual activity, failed authentication attempts, and system anomalies.

Our Technology Partners

We only work with providers that meet rigorous security standards.

AssemblyAI (Transcription)

SOC 2 Type II certified. All data encrypted. No retention after processing.

View security details

Anthropic (AI Analysis)

SOC 2 Type II certified. No training on customer data. API data deleted after processing.

View security details

Neon (Database)

SOC 2 Type II certified. PostgreSQL with row-level security. Encrypted at rest.

View security details

Cloudflare Pages (Hosting)

SOC 2 Type II certified. Global edge network. DDoS protection.

View security details

How Your Data Flows

Upload & Storage

You upload audio → encrypted in transit (TLS 1.3) → stored encrypted in Neon (AES-256)

Transcription

Audio sent to AssemblyAI over encrypted connection → transcribed → transcript returned encrypted

AI Analysis

Transcript sent to Anthropic Claude → analyzed for insights → results returned (no data stored by Anthropic)

Secure Access

All data stored encrypted → you access via secure HTTPS connection with authenticated session

Deletion

You delete → cascade deletion across all systems → data permanently removed from backups after 90 days

Our Security Roadmap

We're committed to achieving formal security certifications as we grow.

Current

Industry-standard security controls implemented across all systems

In Progress

SOC 2 readiness assessment and documentation

Planned

SOC 2 Type I certification

Future

SOC 2 Type II certification

Have security questions? Contact us at security@claritycall.app

Report a Vulnerability

If you've found a security issue, please email security@claritycall.app. We take all reports seriously and will respond within 24 hours.