SCRIBESBack to Home
Security

Security at SCRIBES

Security is at the core of everything we do. Learn how we protect your meeting data.

Encryption

AES-256 encryption at rest, TLS 1.3 in transit

SOC 2 Type II

Independently audited security controls

Access Controls

Role-based permissions and audit logging

Infrastructure

Enterprise-grade cloud infrastructure

Compliance

GDPR, CCPA, and HIPAA ready

SSO & SAML

Enterprise identity management

Data Encryption

All your data is encrypted both at rest and in transit:

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all network communications
  • Key Management: Secure key rotation and storage using HSMs

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud platforms with:

  • Geo-redundant data centers with 99.99% uptime SLA
  • DDoS protection and web application firewall
  • Network isolation and VPC security groups
  • Automated security patching and updates
  • 24/7 infrastructure monitoring and alerting

Access Controls

We implement strict access controls at every level:

  • Role-Based Access: Granular permissions for team members
  • Multi-Factor Authentication: Required for all accounts
  • SSO Integration: Support for SAML, OAuth, and OIDC
  • Audit Logging: Complete activity logs for compliance
  • Session Management: Automatic timeout and device tracking

Compliance & Certifications

SCRIBES maintains compliance with major security standards:

  • SOC 2 Type II: Annual independent audit of security controls
  • GDPR: Full compliance with EU data protection regulations
  • CCPA: California Consumer Privacy Act compliance
  • HIPAA: BAA available for healthcare organizations

Meeting Data Protection

Special measures for your meeting content:

  • Recordings are processed in isolated environments
  • Transcripts are encrypted with customer-specific keys
  • Automatic data deletion based on retention settings
  • No use of customer data for AI training without consent
  • Geographic data residency options (US, EU, APAC)

Vulnerability Management

We take a proactive approach to security:

  • Regular penetration testing by third-party firms
  • Automated vulnerability scanning
  • Bug bounty program for responsible disclosure
  • Security-focused code reviews
  • Dependency monitoring and updates

Incident Response

Our incident response plan includes:

  • 24/7 security operations center monitoring
  • Defined escalation and notification procedures
  • Regular incident response drills
  • Post-incident analysis and improvement
  • Customer notification within 72 hours of confirmed breaches

Employee Security

Our team follows strict security practices:

  • Background checks for all employees
  • Security awareness training
  • Least-privilege access principles
  • Secure development training for engineers
  • Clean desk and device encryption policies

Contact Security Team

For security questions or to report vulnerabilities:

  • Email: security@scribes.app
  • Bug Bounty: hackerone.com/scribes