Security at RealtimeVoiceKIT

Your data is encrypted in transit with TLS, and stored on infrastructure that encrypts data at rest. Connections to our website and API use HTTPS.

No method of transmission or storage is completely secure, but we use industry-standard protections and review them as the service evolves.

Account passwords are hashed with bcrypt and never stored in plain text. Sessions use signed tokens, and developer API keys are stored only as hashes, so the full key is shown to you once and never persisted in readable form.

Tokens for connected cloud accounts (such as Dropbox or OneDrive) are encrypted at the field level before they are stored, so a database snapshot alone never exposes live credentials.

RealtimeVoiceKIT runs on Google Cloud, using managed services for compute, database, and file storage in a reputable, access-controlled environment. We limit internal access to production data to what is needed to operate the service.

Subscription payments are handled by Stripe, a PCI-DSS Level 1 certified payment processor. Card details are entered on Stripe's hosted checkout and never touch our servers, so we do not store card numbers.

We do not use your uploaded audio, video, or transcripts to train models, and we do not sell your personal information. Our cookie banner gives you granular control over analytics, and we honor Global Privacy Control as an automatic opt-out.

Anonymous demo transcripts created on our marketing site are deleted automatically after a short retention window unless you save them to an account.

You can export a full copy of your data at any time, delete individual transcripts, or permanently delete your account and the data associated with it from your account settings.

See our Privacy Policy for how we collect and use data, and our Sub-processors page for the providers that help us run the service.

If you believe you have found a security vulnerability, please email support@realtimevoicekit.com with the subject "Security" and we will respond promptly.