Privacy PolicyTerms & ConditionsSecurity PolicyLicense

Security Policy

Last updated: July 2025

At Shunya Labs, we take the security of your data and our systems seriously. This Security Policy outlines the measures we take to protect your information and our commitment to maintaining the highest security standards.

1. Data Encryption

We implement robust encryption practices:

  • Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • Data at Rest: All stored data is encrypted using AES-256 encryption
  • Audio Processing: Audio files are encrypted during processing and securely deleted after transcription
  • Database Security: All database connections use encrypted protocols

2. Infrastructure Security

Cloud Security

  • Hosted on secure, SOC 2 compliant cloud infrastructure
  • Regular security audits and penetration testing
  • Automated security monitoring and threat detection
  • Multi-factor authentication for all administrative access

Network Security

  • Firewall protection and intrusion detection systems
  • Regular security patches and updates
  • Network segmentation and access controls
  • DDoS protection and rate limiting

3. Access Controls

We maintain strict access controls:

  • Role-based access control (RBAC) for all systems
  • Regular access reviews and privilege management
  • Secure authentication mechanisms
  • Audit logging of all system access

4. Data Privacy & Retention

Audio Data Handling

  • Audio files are processed in real-time and not permanently stored
  • Temporary processing files are securely deleted within 24 hours
  • No audio content is retained after transcription is complete
  • Only aggregated, non-identifiable usage statistics are retained

Our data retention practices include:

  • Minimal data collection — only what's necessary for service delivery
  • Automated data deletion policies
  • Right to data deletion upon request
  • Regular purging of expired information

5. Compliance & Certifications

Standards Compliance

  • SOC 2 Type II compliance
  • GDPR compliance for EU users
  • CCPA compliance for California users
  • ISO 27001 security framework

Healthcare Compliance

  • HIPAA compliance for healthcare clients
  • Business Associate Agreements (BAA)
  • Protected Health Information (PHI) safeguards
  • Audit trails for healthcare use cases

6. Incident Response

  • 24/7 security monitoring and alerting
  • Rapid incident response team activation
  • Immediate containment and mitigation procedures
  • Transparent communication with affected users
  • Post-incident analysis and improvement

7. Employee Security

All team members undergo:

  • Background checks and security clearance
  • Regular security training and awareness programs
  • Signed confidentiality and security agreements
  • Principle of least privilege access

8. Responsible Disclosure

We welcome security researchers and the community to help us maintain the security of our platform. If you discover a vulnerability, please report it responsibly.

Report Security Issues

Please report vulnerabilities to: [email protected]

We commit to acknowledging your report within 24 hours and providing regular updates until resolution.

9. Contact Us

If you have questions about our security practices or policies, please contact us:

Security Team: [email protected]

General Inquiries: [email protected]

Address: 2810 N Church Street, Wilmington, Delaware 19802, USA