Security & Privacy

Your data is yours. We never use your content to train AI models or features for others—ever.

Data Privacy

Your Data is Yours

We never use your content to train AI models or features for others—ever. This is a core promise.

Each customer’s data and trained models are kept strictly separate in isolated environments. We will never use your data for any purpose outside of the products and services we provide directly to you.

End-to-End Security

All data is encrypted in transit and at rest, stored on secure infrastructure leveraging our primary cloud partner, Microsoft Azure.

Anonymized by Default

Any performance analytics are done on fully anonymized, aggregated data only.

Private by Design

No human review of your chats unless you explicitly opt in for support or feedback.

No Surprises

We don’t sell, share, or use your data for anything you didn’t agree to.

Security Measures

We employ industry-standard security measures, leveraging our primary cloud partner, Microsoft Azure.

Encryption

Data at Rest: AES-256 encryption for all stored data

Data in Transit: TLS 1.3 for all data transmission

Access Control

Principle of Least Privilege: Team members only have access to the data they need for their role

Role-Based Access Control (RBAC): Permissions are assigned based on job function

Multi-Factor Authentication (MFA): Required for all internal systems and administrative access

Secure by Design

Security is integrated into every phase of our development lifecycle, from initial design through deployment and maintenance.

Infrastructure Security

Microsoft Azure: Enterprise-grade cloud infrastructure with built-in security

Isolated Environments: Each customer’s data is kept in separate, isolated environments

Regular Security Audits: Ongoing security assessments and vulnerability testing

Incident Response: Established protocols for detecting and responding to security incidents

Compliance & Regulations

GDPR & CCPA Compliance

Our processes are designed to support our customers’ compliance with GDPR, CCPA, and other relevant data protection regulations.

What We Provide:

  • Data Processing Agreement (DPA) upon request
  • Full control over your data
  • Data export capabilities
  • Data deletion guarantees
  • Transparent data handling practices

Customer Responsibilities:

  • Ensuring proper consent from end users
  • Compliance with local regulations
  • Appropriate use of AI-generated content

HIPAA Compliance

We are not explicitly HIPAA-compliant. If you operate in a regulated industry like healthcare, we recommend consulting with your own legal advisors to ensure your use of our service is compliant with relevant regulations.

International Data Protection

We are committed to respecting data protection laws across jurisdictions. Contact us to discuss specific compliance requirements for your region.

Data Ownership

Customer Data Ownership

You (the Customer) own:

  • Your original Customer Content (the materials you provide for training)
  • The resulting Output (the conversations generated by the AI)

Steno.ai owns:

  • The Services, which include our platform, proprietary models, algorithms, software, and APIs
  • The underlying technology and infrastructure

Output Considerations

While you own the specific Output generated for you, due to the nature of how large language models work, the Services may generate the same or similar output for other users. Your ownership of your Output does not prevent other users from receiving and using similar content generated by the AI.

Data Retention & Deletion

During Active Subscription

All conversation data, user information, and trained models are retained and available to you through the dashboard.

Upon Contract Termination

When you end your contract:

  1. Data Export: You can request that we export your user conversation data
  2. Secure Deletion: After export (or if you decline export), we will securely and permanently delete all of your data and your trained models from our systems
  3. Timeline: Deletion occurs within 30 days of contract termination

Backup Retention

Backup copies are maintained for disaster recovery purposes but are securely deleted according to our retention schedule (typically 90 days maximum).

Third-Party Data Sharing

We Never Share Your Data

We do not sell, rent, or share your customer data or training content with third parties.

Limited Service Providers

We use a limited number of trusted service providers (e.g., Microsoft Azure for infrastructure) who are contractually obligated to protect your data and use it only for providing services to us.

We may disclose data if required by law, but we will notify you unless legally prohibited from doing so.

Security Incident Response

In the unlikely event of a security incident:

  1. Detection: Our monitoring systems detect potential incidents
  2. Assessment: Security team assesses scope and impact
  3. Containment: Immediate action to contain the incident
  4. Notification: Affected customers are notified within 72 hours
  5. Resolution: Issue is resolved and systems are restored
  6. Review: Post-incident review to prevent future occurrences

User Privacy

Conversation Privacy

  • User conversations with your AI Twin are stored securely
  • Only you (the customer) can access user conversation data
  • Steno.ai employees do not review conversations unless you explicitly opt in for support

User Data Handling

  • User authentication data is encrypted and secured
  • Personal information is minimized (we only collect what’s necessary)
  • Users can request deletion of their conversation data through you (the customer)

Best Practices for Customers

Protect User Privacy

  • Clearly communicate to users how their data will be used
  • Obtain appropriate consent for AI interactions
  • Provide users with privacy controls

Secure Your Dashboard

  • Use strong passwords for dashboard access
  • Enable MFA if available
  • Limit dashboard access to authorized team members only

Handle AI Output Responsibly

  • Review AI-generated content for accuracy
  • Don’t use the AI for regulated advice without appropriate disclaimers
  • Monitor conversations for quality and compliance

Questions about security or privacy? Contact legal@steno.ai.
