All kinds of important conversations happen in your meetings. We combine enterprise-grade security features with regular audits to keep your team protected.
Vowel regularly conducts audits to ensure compliance with industry best practices.
Vowel is SOC2 Type I certified, with Type II in progress. We can provide you with a third-party attestation report that covers our security, availability, confidentiality, and privacy practices.
Data Center & Network Security
Vowel hosts its software in Amazon Web Services (AWS) facilities in the United States. See Amazon’s compliance and security documents for detailed information on their compliance and regulatory assurances, including SOC 13, and ISO 27001.
Vowel servers are located within Vowel’s virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Vowel conducts third-party network vulnerability scans at least annually.
Vowel conducts application penetration testing by a third-party at least annually.
Vowel supports Google SSO, enabling you to authenticate users without requiring them to enter login credentials for Vowel. Other SAML/SSO options are on the roadmap; please reach out if this is of interest to your organization.
We can provide audit logs to Workspace admins on our Enterprise plan.
All connections to Vowel are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS.
All data (including meeting recordings and transcripts) is encrypted at rest and in transit.
System passwords are encrypted using AWS KMS with restricted access to specific production systems.
We leverage AWS KMS to create unique, custom encryption keys for your Vowel workspace, ensuring that any user generated content or media is encrypted with an additional layer of security that further sequesters and protects company data.
We use industry-standard Amazon Aurora, PostgreSQL and Elastic Search data stores, hosted and managed by AWS. Additionally, we run Apache Kafka and Redis, also managed by AWS.
Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege.
Access to the AWS production system is restricted to authorized personnel only, and is accessible solely via secure tunneling, as all datastores and API endpoints are deployed only to private subnets, allowing no direct access.
We will implement a custom data retention duration for customers on our Enterprise plan (direct configuration coming soon). Customer data can be purged from Vowel systems subsequent to contract termination, upon request.
Vowel’s use of information received from Google APIs (transcription) adhere to Google API Services User Data Policy, including the Limited Use requirements.
All access to Vowel applications is logged and audited. Logs are kept for at least one year.
Vowel maintains a formal incident response plan for major events. We track and publicly report on incidents here.
Vowel security policies are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities. Vowel policies are audited annually as part of its SOC2 certification.
Employee hiring process includes background screening.
Vowel maintains a publicly available system-status webpage which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Vowel is finalizing the following:
SOC 2 Type II