Security & Privacy
Your data is yours. Always.
Speak AI is built on a simple principle: we make money when you pay for a great product, not by selling or training on your data. Here is exactly how we protect what you share with us.
Encrypted at rest & in transit
No AI model training on your data
Delete your data anytime
BAAs with AI providers
Your data is personal
We do not own your data. Audio, video, and text you upload remain yours. We only use it to operate the service: storing, indexing, transcribing, and analyzing as you direct. If the content was yours before you uploaded it, it stays yours after.
Your data is encrypted
Everything in Speak is private by default. Data is encrypted at rest and in transit using industry-standard protocols. We provide two-factor authentication, redundant storage, and regular security monitoring. We never sell your content to third parties.
Your data is accessible
No vendor lock-in. Export all your data at any time in multiple formats including DOCX, PDF, SRT, VTT, CSV, and JSON. We are motivated to build a great product so you stay because you want to, not because you are trapped.
AI & Your Data
We do not train AI models on your data
This is the question everyone asks in 2026, and our answer is straightforward: your content is never used to train AI models. Not ours, not our providers’. We have Business Associate Agreements (BAAs) with our AI infrastructure partners that contractually prohibit model training on customer data.
When you use features like transcription, AI Chat, or summaries, your data is sent to our providers solely to process your request and return results. It is not stored by them for training purposes.
We may review anonymized usage patterns and debug transcription or AI Chat interactions to improve the accuracy of our prompts, instructions, and overall in-app experience. This is operational improvement, not model training. Your content is not extracted, aggregated, or fed into training datasets.
When you use features like Custom Vocabulary or configure AI Agents with custom instructions, you are choosing to provide data that shapes how AI models respond within your account. This is user-directed and stays within your account context.
- ✓ Your content is never used for model training
- ✓ BAAs in place with OpenAI and Anthropic
- ✓ AI providers process data only to serve your requests
- ✓ We debug and improve prompts, not train models
- ✓ Custom Vocabulary and AI Agent configs are user-directed
- ✓ We never sell your data to anyone
Data Residency
Where your data lives and flows
Your files and account data are stored in Canada Central (MongoDB) and US North (AWS) regions. All storage uses encrypted, redundant infrastructure with automated backups.
When you use features like transcription and AI analysis, your content is processed by our infrastructure partners. Processing may occur in the United States, even if your primary data is stored in Canada. This is standard for cloud AI services and is governed by our data processing agreements.
For organizations with specific regional data requirements, custom data residency configurations can be discussed on enterprise plans. Contact us at success@speakai.co with your requirements.
- ✓ Primary storage: Canada Central & US North
- ✓ Encrypted at rest with regular key rotation
- ✓ Encrypted in transit via TLS/HTTPS
- ✓ Redundant servers and off-site backups
- ✓ AI processing may occur in the US
- ✓ Enterprise: custom residency options available
Compliance
Honest about where we are
We believe in being transparent about our compliance posture rather than overstating certifications. Here is exactly where we stand.
HIPAA Security Controls
Speak AI completed a HIPAA compliance assessment in 2021 and maintains the security controls and practices established during that process. We execute Business Associate Agreements (BAAs) with our AI infrastructure providers including OpenAI and Anthropic. Organizations with specific HIPAA requirements should contact us to discuss their compliance needs.
PIPEDA (Canada)
As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act. This governs how we collect, use, and disclose personal information in the course of commercial activities.
GDPR Alignment
We maintain data processing practices aligned with GDPR requirements. For EU data transfers, we use Standard Contractual Clauses. EU-based users can request data export or deletion through their account settings or by contacting us.
CCPA Alignment
We maintain practices aligned with the California Consumer Privacy Act. California residents have the right to know what personal information we collect, request deletion, and opt out of data sales. We do not sell personal information.
Third-Party Providers
Who processes your data and why
We use trusted infrastructure partners to deliver the Speak AI service. Each provider is contractually bound to protect your data and limited to their specific function.
Cloud infrastructure, file storage, transcription
Database hosting (Canada Central)
Speech services, transcription
AI Chat, summaries, analysis (BAA in place)
AI Chat, summaries, analysis (BAA in place)
AI Chat, summaries, analysis
Transcription engine
Transcription engine
Payment processing
Customer support, help documentation
Website analytics
Product analytics
Transactional email delivery
Session replay and error monitoring
Your Rights
You are in control
Access and export
Download all your data at any time. Speak supports export in TXT, DOCX, PDF, SRT, VTT, JSON, CSV, and HTML formats. Bulk export is available for your entire library.
Deletion
Delete individual files, folders, or your entire account through Settings > Data Management. When you delete content, it is removed from our active systems. It may persist in encrypted backups for a limited retention period before being permanently purged.
Data portability
Your transcripts, analyses, and media files are yours. Export them and take them to any other service. We have no interest in locking you in.
Opt out of communications
Unsubscribe from marketing emails at any time via the link in any email. We will still send essential account and service communications.
- ✓ Export in 8+ formats
- ✓ Bulk export your entire library
- ✓ Delete files, folders, or your full account
- ✓ PII redaction available on exports
- ✓ Two-factor authentication available
- ✓ No vendor lock-in
Security Practices
How we protect your data
Encryption
All data is encrypted at rest using industry-standard AES encryption. All data in transit is encrypted via TLS/HTTPS. Encryption keys are rotated regularly.
Access controls
Role-based access within your team. Two-factor authentication available for all accounts. Our internal access follows least-privilege principles.
Vulnerability monitoring
Automated dependency scanning and vulnerability assessments through our development pipeline. We monitor for security advisories across our technology stack and apply patches promptly.
Incident response
Documented incident response procedures. In the unlikely event of a data breach that creates a real risk of harm, we will notify affected users as required by applicable law.