Tiro Data Security & Privacy
Audio is discarded immediately after transcription, and customer data is never used to train AI models.
Tiro is an AI meeting assistant for busy business leaders, offering real-time transcription, automatic summarization, and structured, searchable notes under a strict security policy.
Our Data Protection Principles
Audio Discarded Instantly, Data Encrypted
Audio files are irreversibly discarded right after transcription, never stored on disk in plaintext. Meeting notes and summaries are encrypted at rest with AES-256, using a separate key per user and organization. Data in transit is protected with TLS 1.3.
Stored in the AWS Seoul Region
Your data lives in the AWS Seoul region (ap-northeast-2) with a Multi-AZ deployment, meeting Korean data sovereignty requirements and staying available through single-AZ failures. Enterprise customers can choose a different region or a dedicated VPC for physical tenant isolation.
Never Used for AI Model Training
No customer data, including your conversations, is used for model training or fine-tuning. This applies across free, paid, and enterprise tiers. Every LLM and STT vendor we use has signed a DPA that prohibits training and requires Zero Data Retention.
Security Overview
Encryption
AES-256 for data at rest, TLS 1.3 (AES-256-GCM) for data in transit. RDS (Aurora MySQL/PostgreSQL), ElastiCache, EBS, and S3 are encrypted end to end, with per-customer keys keeping tenants fully isolated.
Data Storage Location
Hosted in the AWS Seoul region (ap-northeast-2) to meet Korean data sovereignty requirements. Multi-AZ deployment keeps the service available, and Enterprise contracts can use a different region or dedicated VPC for physical tenant isolation.
Key Management (KMS / HSM)
AWS KMS protects encryption keys using FIPS 140-2 validated HSMs, rotating them automatically every 12 months. Applications never hold plaintext keys; all encryption and decryption goes through the KMS API.
Access Control
QueryPie-based RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) enforce least-privilege access. Only the CTO and one senior engineer can access plaintext content, and every access is permanently logged at the query and column level.
Monitoring & Audit Logs
We run 24×7 monitoring with AWS GuardDuty (threat detection), Inspector (vulnerabilities), WAF + Cloudflare (web attack protection), and Datadog dashboards. CloudTrail is delivered cross-account to a dedicated Security Account, so logs can't be tampered with from operational accounts.
Service Availability & Backup
A 99.9% monthly SLA, with service credits if we miss it. Databases are backed up automatically (MySQL 21 days, PostgreSQL 7 days) under KMS encryption, with annual restore testing. RTO 24h, RPO 24h.
Enterprise Security Features
Security controls built for enterprise environments.
SSO (SAML/OIDC)
Single sign-on through your corporate IdP, including Okta, Azure AD, and Google Workspace. Users log in with their company account, and access changes stay in sync with your IdP policies.
How Your Data Is Processed
Audio handling principle: “Audio is processed only to transcribe it, then irrecoverably discarded.”
| Mode | Processing Flow | Storage |
|---|---|---|
| Real-time (Streaming) | Microphone and system audio → STT engine (streaming) → text conversion, then discarded from memory and the stream | No plaintext disk storage |
| Batch (Upload) | Audio/video upload → STT and speaker diarization → discarded immediately | Discarded automatically after processing |
| AI training | - | Never used |
Scope of Deletion
Deletion covers the operational database, automatic backups, vector indexes, and caches. Some records are kept separately to meet statutory retention requirements and are automatically discarded once those windows close. On account closure, AWS KMS customer keys are scheduled for deletion so any residual encrypted data becomes permanently inaccessible.
Compliance & Certifications
Tiro runs its compliance program on Drata, with controls aligned to ISO 27001:2022, SOC 2, and an ISMS framework.
| Certification | Stage | Status | Reports |
|---|---|---|---|
| SOC 2 Type 1 | 5 TSC (Security, Availability, Confidentiality, Processing Integrity, Privacy) | Attested | Shared immediately after NDA (Clickwrap) |
| ISO 27001:2022 | Stage 1 (Readiness Review) | Complete | Shared after certification, under NDA |
| ISO 27001:2022 | Stage 2 (Effectiveness Audit) | Scheduled May 2026 | - |
| SOC 2 Type 2 | Observation period (same 5 TSC as Type 1) | Observation in progress (~June 2026) | Shared after certification, under NDA |
For certification reports, DPAs, or policy documents, contact partners@theplato.io.
Frequently Asked Questions
Does Tiro use my conversations to train AI models?
No. No customer data, including your conversations, is used for model training or fine-tuning. This applies across free, paid, and enterprise tiers. Every LLM and STT vendor we use has signed a DPA that prohibits training and requires Zero Data Retention.
Where is my data stored?
Your data lives in the AWS Seoul region (ap-northeast-2) with a Multi-AZ deployment. It's encrypted with AES-256 using a separate key per user and organization. Enterprise customers can choose a dedicated VPC or a different region.
Who can access my data?
By default, only you and the people you share with. Operationally, plaintext content access is strictly limited to the CTO and one senior engineer, and every access request is permanently logged at the query and column level via QueryPie. Employees complete mandatory security training at onboarding and pass quarterly access reviews.
How is voice audio handled?
In real-time mode, microphone and system audio is discarded from memory the moment it streams through the STT engine. There is no plaintext disk storage. Uploaded audio and video files are also discarded automatically once processing completes. The only exception is when a user explicitly opts in, in which case audio is retained in their own encrypted storage (off by default).
Can I control whether audio is stored, how long notes are kept, and how they're shared?
Yes. Customers control the lifecycle of their data: audio retention, note retention windows, and external sharing scope. Enterprise plans extend this to organization-wide policies, including per-domain retention (for example, 90, 180, or 365 days), external sharing allowlists, and session timeout settings.
What happens when I delete a note or my account?
Note bodies, transcripts, and summaries are hard-deleted from the operational database, vector indexes (pgvector), and caches immediately. Automatic backups are discarded once their retention windows elapse (MySQL 21 days, PostgreSQL 7 days). On account closure, AWS KMS customer keys are scheduled for deletion so any residual data becomes permanently inaccessible. Enterprise customers receive erasure receipts in JSON or PDF format.
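The mechanism behind the per-tenant encryption described under Encryption and Key Management, and behind the "residual data becomes permanently inaccessible" guarantee above, is envelope encryption with crypto-shredding: each note is encrypted under a fresh data key, the data key is wrapped under a per-tenant key that only the key service holds, and scheduling that tenant key for deletion leaves every surviving ciphertext (backups included) with no way to unwrap its data key. The Go program below is an added illustration of that pattern, not Tiro's code. It assumes an in-memory `TenantKMS` as a stand-in for AWS KMS (real KMS wraps data keys inside its HSMs; here the wrapping is AES-256-GCM under a KEK held only by the stand-in), and the note text is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrNoSuchKey          = errors.New("kms: no key for tenant")
	ErrKeyPendingDeletion = errors.New("kms: key is pending deletion")
)

// seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; any modified byte fails the GCM tag check.
func open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// TenantKMS is a hypothetical in-memory stand-in for AWS KMS: one AES-256
// key-encryption key (KEK) per tenant, never handed to the application.
type TenantKMS struct {
	keks            map[string][]byte
	pendingDeletion map[string]bool
}

func NewTenantKMS() *TenantKMS {
	return &TenantKMS{keks: map[string][]byte{}, pendingDeletion: map[string]bool{}}
}

// CreateKey provisions a fresh KEK for a tenant (the analogue of kms:CreateKey).
func (k *TenantKMS) CreateKey(tenant string) error {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		return err
	}
	k.keks[tenant] = kek
	return nil
}

// GenerateDataKey returns a fresh 32-byte data key in plaintext and the same
// key wrapped under the tenant KEK (the analogue of kms:GenerateDataKey).
func (k *TenantKMS) GenerateDataKey(tenant string) (plain, wrapped []byte, err error) {
	kek, ok := k.keks[tenant]
	if !ok {
		return nil, nil, ErrNoSuchKey
	}
	if k.pendingDeletion[tenant] {
		return nil, nil, ErrKeyPendingDeletion
	}
	plain = make([]byte, 32)
	if _, err := rand.Read(plain); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(kek, plain)
	if err != nil {
		return nil, nil, err
	}
	return plain, wrapped, nil
}

// Decrypt unwraps a data key (the analogue of kms:Decrypt). A key in the
// pending-deletion state refuses every request, exactly as KMS does.
func (k *TenantKMS) Decrypt(tenant string, wrapped []byte) ([]byte, error) {
	kek, ok := k.keks[tenant]
	if !ok {
		return nil, ErrNoSuchKey
	}
	if k.pendingDeletion[tenant] {
		return nil, ErrKeyPendingDeletion
	}
	return open(kek, wrapped)
}

// ScheduleKeyDeletion models account closure: the KEK is unusable at once,
// so every ciphertext wrapped under it (live or in backups) is unrecoverable.
func (k *TenantKMS) ScheduleKeyDeletion(tenant string) { k.pendingDeletion[tenant] = true }

// EncryptedNote is what the application stores: only the wrapped data key
// sits beside the ciphertext; the plaintext data key never reaches disk.
type EncryptedNote struct {
	Tenant     string
	WrappedKey []byte
	Body       []byte
}

func EncryptNote(kms *TenantKMS, tenant string, plaintext []byte) (*EncryptedNote, error) {
	dataKey, wrapped, err := kms.GenerateDataKey(tenant)
	if err != nil {
		return nil, err
	}
	body, err := seal(dataKey, plaintext)
	for i := range dataKey { // plaintext data key lives only for this call
		dataKey[i] = 0
	}
	if err != nil {
		return nil, err
	}
	return &EncryptedNote{Tenant: tenant, WrappedKey: wrapped, Body: body}, nil
}

func DecryptNote(kms *TenantKMS, n *EncryptedNote) ([]byte, error) {
	dataKey, err := kms.Decrypt(n.Tenant, n.WrappedKey)
	if err != nil {
		return nil, err
	}
	defer func() {
		for i := range dataKey {
			dataKey[i] = 0
		}
	}()
	return open(dataKey, n.Body)
}

func main() {
	kms := NewTenantKMS()
	if err := kms.CreateKey("org-a"); err != nil {
		panic(err)
	}
	note, err := EncryptNote(kms, "org-a", []byte("constructed sample: Q3 planning notes"))
	if err != nil {
		panic(err)
	}
	pt, err := DecryptNote(kms, note)
	fmt.Printf("before deletion: %q (err=%v)\n", pt, err)
	kms.ScheduleKeyDeletion("org-a") // account closed; backups still hold note.Body
	_, err = DecryptNote(kms, note)
	fmt.Println("after deletion:", err)
}
```

Two points the code makes concrete: a second tenant's KEK cannot unwrap the first tenant's data key (the GCM tag fails), which is what "per-customer keys keeping tenants fully isolated" means in practice, and once the KEK is scheduled for deletion no copy of the note body, however many backups it lives in, can be turned back into plaintext. With the real service, KMS enforces a waiting period of 7 to 30 days before the key material is destroyed, during which the key is still unusable but can be cancelled out of deletion.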
Are you SOC 2 or ISO 27001 certified?
SOC 2 Type 1 was attested on March 31, 2026 (auditor Sensiba LLP, 5 TSC: Security, Availability, Confidentiality, Processing Integrity, Privacy). SOC 2 Type 2 is in observation with the same 5 TSC scope and scheduled to complete in June 2026. ISO 27001:2022 Stage 1 (Readiness Review) is complete, with Stage 2 (Effectiveness Audit) scheduled for May 2026. Controls run on the Drata GRC platform, and reports are available under NDA.
Can I get a DPA (Data Processing Agreement)?
Yes. Reach out to partners@theplato.io.
Which sub-processors do you use?
Infrastructure: AWS (Seoul region). LLM: Azure OpenAI (primary), Anthropic Claude (fallback), Google Vertex AI / Gemini, AWS Bedrock. STT: Deepgram, AssemblyAI, ElevenLabs, NAVER Cloud Clova, Google Speech-to-Text. Payments: Stripe, RevenueCat. Transactional email: SendGrid. All LLM and STT partners are bound by DPAs that prohibit training and require Zero Data Retention.
Do you support SSO and MFA?
Yes. Enterprise plans support SAML/OIDC-based SSO (Okta, Azure AD, Google Workspace, and other major IdPs) and MFA, with SCIM provisioning for automatic user sync.
Do you support Private Cloud or On-Premise?
Yes. SaaS, Private Cloud, and On-Premise are all available depending on your security requirements. For isolation level, operating model, and other details, reach out to partners@theplato.io.
How do I report a security issue?
Please report security vulnerabilities to partners@theplato.io. Enterprise customers are covered by a 4-hour first-response SLA and a 24-hour customer-notification SLA for security incidents.
Get in Touch
Need additional materials for a security review, or have a question? We're happy to help.
Security Contact
For security reviews, DPA requests, certification reports, vulnerability disclosures, or any other security-related inquiries:
partners@theplato.io