TL;DR - We take privacy and security very seriously to ensure that your data is yours alone, not ours. The security measures we have in place to protect user data from unauthorized information access include:
Company security policies for all employees including: no password reuse, all password generated and stored in secure password management, use Google SSO whenever possible, 2FA enforced on all services
Only engineers with operational needs have access to production services
All metadata is stored in a database running in AWS with data encrypted at rest on AWS EBS and backups encrypted at rest in AWS S3
All recording files are stored encrypted at rest in AWS S3
All data between the client and server and between backend services is encrypted in transit using HTTPS.
All engineers are trained in privacy and security issues
During this early access phase, we will be utilizing Full-Story to analyze user activity and actions but we have configured the software to ensure that we do not capture or store any personally identifying information of non-registered users or the information typed into Grain notes, displayed in transcripts, or viewed/heard in recorded videos.