We protect your meeting data with practical security measures and complete transparency
We're a solo-operated platform built with AI assistance, and we're completely transparent about our security. Our infrastructure is built entirely on enterprise-grade providers that hold SOC 2 Type II and/or ISO 27001 certifications. Most importantly: your meetings are yours alone - we never access, read, or train AI on your conversations.
Your password is encrypted using bcrypt, an industry-standard hashing algorithm. Even if someone accessed our database, they couldn't read your password.
We use JWT tokens for session management and support OAuth 2.0 with Google Sign In and Apple Sign In for secure, convenient access. Your login sessions expire automatically after 24 hours for added protection.
Each user's data is isolated in a SOC 2 Type II and ISO 27001 certified cloud database. Your meetings, transcripts, and insights are separated from other users and only accessible with your credentials.
Your meeting data is protected with AES-256 encryption at rest - the same standard used by banks and government agencies. Audio recordings are stored in SOC 2 Type II and ISO 27001 certified cloud storage. Even if someone accessed our servers, your data would be unreadable.
All data transmitted between your device and our servers uses HTTPS/TLS encryption, protecting your information in transit.
Your data is automatically backed up with point-in-time recovery capability. If anything goes wrong, we can restore your meetings without data loss.
Only you can access your meetings and transcripts. There are no "admin" backdoors or support access to your conversations.
As a solo operator, I never review, read, or access your meeting content. Your business conversations remain completely private.
When AI processes your queries, only the specific question and relevant meeting context is sent to our AI providers - Claude by Anthropic and OpenAI. Your entire meeting database is never sent. Your data is never used to train AI models. Audio transcription is processed by Deepgram Nova-3 with zero data retention.
After 5 failed login attempts, your account is temporarily locked for 2 hours. This protects against brute force attacks trying to guess your password.
We only share data with essential services (like payment processing) and never sell or share your meeting content with anyone.
All payment processing is handled by PCI-compliant providers (Square and Apple). We never see or store your credit card information - it goes directly to these trusted payment processors.
CoLeaderAI is built on enterprise-grade, independently certified providers:
Powers meeting insights, search, and document generation. Your data is processed per-query and never used to train AI models. Both providers hold SOC 2 Type II certifications and maintain zero data retention policies for API usage.
Converts your audio to text with high accuracy. SOC 2 Type II certified with zero data retention after transcription completes.
All database, storage, and hosting providers hold SOC 2 Type II and/or ISO 27001 certifications. Data is encrypted at rest (AES-256) and in transit (TLS). Distributed across multiple server replicas for reliability.
PCI DSS Level 1 compliant. All payment processing is handled directly by Square (desktop) and Apple (iOS). We never see or store your credit card information.
CoLeaderAI is independently operated and was built through AI collaboration. While CoLeaderAI itself does not hold its own SOC 2 certification, every infrastructure provider we rely on does. We chose our providers specifically for their enterprise-grade security posture, so your data is protected at every layer.
Have security questions or concerns?
security@coleaderai.com