All kinds of important conversations happen in your meetings. We combine enterprise-grade security features with regular audits to keep your team protected.
Vowel regularly conducts audits to ensure compliance with industry best practices.
Vowel is SOC2 Type II certified. We can provide you with a third-party attestation report that covers our security, availability, confidentiality, and privacy practices. This report is available upon request under NDA for qualified customers.
Data center & network security
Vowel hosts its software in Amazon Web Services (AWS) facilities in the United States. See Amazon’s compliance and security documents for detailed information on their compliance and regulatory assurances, including SOC 1-3 and ISO 27001.
Vowel servers are located within Vowel’s virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Vowel conducts third-party network vulnerability scans at least annually.
Vowel conducts application penetration testing by a third party at least annually.
Vowel supports Google SSO, enabling you to authenticate users without requiring them to enter login credentials for Vowel. Other SAML/SSO options are on the roadmap; please reach out if this is of interest to your organization.
We can provide audit logs to Workspace admins on our Enterprise plan.
Use of Vowel AI requires securely transmitting data to OpenAI in order to support end-user related features. OpenAI does not use customer data submitted by Vowel to train or improve their models. Vowel and OpenAI (as well as all of its partners) take privacy very seriously, and make every effort to keep this data secure, ensuring that all data is always encrypted at rest and during transport, in keeping with our general security best practices and policies.
All connections to Vowel are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS.
All data (including meeting recordings and transcripts) is encrypted at rest and in transit.
System passwords are encrypted using AWS KMS with restricted access to specific production systems.
We leverage AWS KMS to create unique, custom encryption keys for your Vowel workspace, ensuring that any user generated content or media is encrypted with an additional layer of security that further sequesters and protects company data.
We use industry-standard Amazon Aurora, PostgreSQL and Elasticsearch data stores, hosted and managed by AWS. Additionally, we run Apache Kafka and Redis, also managed by AWS.
Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege.
Access to the AWS production system is restricted to authorized personnel only, and is accessible solely via secure tunneling, as all datastores and API endpoints are deployed only to private subnets, allowing no direct access.
We will implement a custom data retention duration for customers on our Enterprise plan (direct configuration coming soon). Customer data can be purged from Vowel systems subsequent to contract termination, upon request.
Vowel’s use of information received from Google APIs (transcription) adheres to the Google API Services User Data Policy, including the Limited Use requirements.
All access to Vowel applications is logged and audited. Logs are kept for at least one year.
Vowel maintains a formal incident response plan for major events. We track and publicly report on incidents here.
Vowel security policies are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities. Vowel policies are audited annually as part of its SOC2 certification.
The employee hiring process includes background screening.
Vowel maintains a publicly available system-status webpage which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Vowel is HIPAA-compliant, making it an ideal solution for healthcare and life sciences organizations. Vowel now has the capability to sign Business Associate Agreements (BAAs) with companies in the healthcare industry, ensuring that patient engagement solutions are secure and compliant. As a HIPAA-eligible platform, Vowel adheres to the necessary provisions of the HIPAA Security Rule as a business associate. With Vowel, organizations can rest assured that administrative, technical, and physical safeguards are in place to prevent unauthorized access or disclosure of protected health information (PHI) within the Vowel environment. Trust Vowel to provide a secure and reliable platform for your sensitive healthcare meetings.
Vowel is finalizing the following:
For any other questions, email us at firstname.lastname@example.org. If you have found a security-related issue, we are eager to hear about it. At the moment, we do not offer bug bounties, but we do guarantee plenty of good karma.