verified_userSecurity First

Trust & Security Center

Your IP is our priority. We are built for privacy-first forensic analysis.

1Security at a Glance

We treat your interview data as sensitive business intelligence. Our architecture is designed to meet the strict requirements of European GDPR and Enterprise security standards.

🇪🇺

GDPR Compliant

Native compliance for data sovereignty and user rights.

🔒

End-to-End Encryption

Your data is encrypted in transit and at rest.

🚫

No AI Training

We do not use your proprietary data to train our models.

🛡️

Role-Based Access

Strict internal controls on who can access infrastructure.

2AI Safety & Data Privacy

The #1 concern for founders is intellectual property theft. Here is how we protect your ideas.

memoryThe "Zero-Retention" AI Pipeline

  • arrow_forwardWhen you upload a file, it is processed by our AI partners (OpenAI Enterprise / Deepgram) via secure APIs.
  • arrow_forwardWe have signed "Zero-Data-Retention" agreements.
  • arrow_forwardThe AI models analyze your text in real-time and return the result.
  • arrow_forwardThey do not store your data to train their public models (like ChatGPT).
  • check_circleYour competitors will never benefit from your insights.

micVoice Data & Biometrics

Voice data is processed solely for Diarization (separating speakers). We do not build persistent biometric profiles across different accounts. Your voice fingerprint is isolated to your specific project workspace.

3Shared Responsibility Model

Security is a partnership. We secure the platform; you secure your usage.

cloud

Cluvo's Responsibility

The Processor

  • checkSecuring the Cloud Infrastructure (AWS/Vercel).
  • checkEncrypting the Database and File Storage.
  • checkVetting AI Sub-processors.
  • checkEnsuring Application Code Security.
person

Your Responsibility

The Controller

  • checkObtaining Consent: Ensuring all speakers agreed to be recorded.
  • checkAccess Management: Protecting your password and invite links.
  • checkData Hygiene: Deleting old projects when they are no longer needed.

4Infrastructure & Sub-processors

We rely on industry-standard, ISO 27001 certified infrastructure providers.

ProviderFunctionLocationCompliance
Vercel / AWSHosting & DatabaseUSA / EUSOC 2 Type II, ISO 27001
DeepgramAudio TranscriptionUSASOC 2 Type II, HIPAA
OpenAISemantic AnalysisUSASOC 2 Type II, Enterprise Privacy
StripePayment ProcessingGlobalPCI-DSS Level 1

Data transfers to US providers are protected by Standard Contractual Clauses (SCCs).

5Compliance Resources

Need formal documentation for your legal team?

description

DPA

Data Processing Agreement for B2B customers

policy

Privacy Policy

How we handle your data

gavel

Terms of Service

Terms and conditions

bug_report

Report a Vulnerability

If you believe you have found a security vulnerability in Cluvo, please report it immediately to our security team. We value white-hat research and respond within 24 hours.

mailcontact@cluvoai.com