AI Meetings
Security at AI Meetings

Your data is yours.

Meeting data is encrypted end-to-end, purged automatically, and never used for AI training. Here is exactly how we protect it.

AES-256-GCM encryption
Per-user keys. Even we cannot read your data.
Automatic data purge
Ephemeral data deleted when meetings end. Signed certificates prove it.
SOC 2 aligned
Audit logging, access controls, and incident response procedures.

Encryption

At restAES-256-GCM with per-user keys

When you register, a unique 256-bit Data Encryption Key (DEK) is generated for you. This key is encrypted using a key derived from your password via PBKDF2 (100,000 iterations, SHA-256). Your DEK is never stored in plaintext.

Every piece of sensitive data — transcripts, AI responses, documents, briefings, working memory — is encrypted individually with your DEK before being written to our database. Even with full database access, your content cannot be read without your password.

In transitTLS 1.2+

All connections use TLS 1.2 or higher. We enforce HSTS with a 1-year max-age. Cookies are httpOnly, secure, and sameSite: lax.

Passwordsbcrypt, 12 rounds

Passwords are hashed with bcrypt (12 rounds) and compared using timing-safe functions to prevent timing attacks.

API keysHMAC-SHA256

API keys are hashed with HMAC-SHA256 before storage. We never store plaintext keys. All comparisons use crypto.timingSafeEqual().

Data lifecycle & purge

Post-meeting automatic purge

When a meeting ends, the following data is permanently and irreversibly deleted:

  • Document chunks and vector embeddings
  • Raw document text from uploads
  • Pre-read research caches (web research, context queries)
  • Uploaded files from server storage
  • Diagnostic and telemetry events

Deletion certificates

Every deletion generates a cryptographically signed certificate documenting:

  • Exactly what data was deleted (transcript entries, chunks, documents, responses, etc.) with counts
  • What data was intentionally retained (billing records, soft-deleted metadata)
  • When the deletion occurred
  • HMAC-SHA256 signature to prove the certificate is authentic and unmodified

Verify any deletion certificate via our API at GET /api/certificates/:id.

Account deletion

When you delete your account, all associated data is permanently removed. Each meeting receives its own deletion certificate.

Access controls

Authentication

Sessions use JWT tokens stored in httpOnly cookies with 7-day expiry. Rate limiting protects all authentication endpoints: 10 login attempts per 5 minutes, with Redis-backed tracking per IP.

Multi-tenant isolation

Tenant data is strictly isolated. API keys are scoped to specific tenants with granular permissions. Meeting ownership is verified on every request.

Webhook security

All webhooks are verified with HMAC-SHA256 signatures and timestamp-based replay protection (5-minute window).

Audit logging

We maintain a tamper-evident audit trail of security-relevant events:

  • Authentication events — successful logins, failed login attempts (with reason), account deletions
  • Data lifecycle events — meeting deletion (with deletion certificate ID), ephemeral data purge, interview data purge
  • Administrative actions — API key creation/revocation, tenant configuration changes

Each audit log entry records the action, actor, affected resource, IP address, and user agent. Audit logs are append-only.

Infrastructure & headers

Security headers

  • Strict-Transport-Security — HSTS with 1-year max-age
  • Content-Security-Policy — restricts script, style, and connection sources
  • X-Frame-Options: DENY — prevents clickjacking
  • X-Content-Type-Options: nosniff — prevents MIME sniffing
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy — camera and geolocation disabled, microphone self-only

Logging & PII protection

All structured logs automatically redact sensitive fields: passwords, tokens, API keys, authorization headers, and cookies.

Third-party processors

ProcessorPurposeRetentionCompliance
OpenAIAI responses (text & voice)API data not used for trainingSOC 2 Type II
Recall.aiMeeting bot (joins video calls)No retentionSOC 2 · ISO 27001 · GDPR · HIPAA
Deepgram(opt-in)Enhanced transcriptionZero retentionSOC 2 Type II · HIPAA · GDPR
StripePayment processingPer Stripe policyPCI DSS L1 · SOC 2 Type II
RenderApplication & database hostingEncrypted at restSOC 2 Type II

We do not sell your data. We do not use your meeting content to train AI models.

Incident response

We follow a structured incident response process:

§1
Detection
Automated monitoring for anomalous authentication patterns, unexpected data access, and infrastructure alerts.
§2
Triage & classification
Incidents classified by severity (P1–P4). P1 (data breach) triggers immediate response. P2 (potential exposure) within 4 hours.
§3
Containment & eradication
Isolate affected systems, revoke compromised credentials, patch vulnerabilities. All actions logged in the audit trail.
§4
Notification & recovery
Affected users notified within 72 hours (GDPR). Systems restored from verified backups. Post-incident review within 5 business days.

To report a security vulnerability, email security@aimeetings.net. We respond within 24 hours.

Our promise

  • Your meeting content is never used to train AI models.
  • Your data is encrypted so that even we cannot read it.
  • Ephemeral data is permanently purged when meetings end.
  • Every deletion produces a cryptographically signed certificate you can verify.
  • We maintain an append-only audit trail of all security-relevant events.