Trust Center

Security & Privacy at Hermetiq

Built for sensitive conversations. Your choice of protection level.

Hermetiq Web

Cloud-Encrypted Processing

  • End-to-end AES-256 encryption
  • Regional data processing (US/EU)
  • SOC 2 + HIPAA infrastructure
  • Audio deleted after processing
  • No model training on your data

Best for: Convenience, any device access, practices needing certified compliance documentation

Where Does Your Data Go?

Transparent data flow for both product tiers.

Hermetiq Web Data Flow

Your Browser

Upload & encrypt audio

Private Cloud (US/EU)

Transcribe & generate

SOC 2 | HIPAA

Your Browser

Review & edit notes

Audio deleted immediately after transcription. Never stored.

Infrastructure Certifications

Hermetiq runs on enterprise-grade cloud infrastructure with healthcare certifications.

Active

SOC 2 Type II with HIPAA

Healthcare workload compliance

via Cloud infrastructure

Active

ISO/IEC 27799

Healthcare information security

via Cloud infrastructure

Active

ISO/IEC 27001

Information security management

via Cloud infrastructure

Active

ISO/IEC 27701

Privacy information management

via Cloud infrastructure

Compliant

GDPR

EU data protection regulation

via Hermetiq practices

Compliant

NIS 2

EU cybersecurity directive

via Cloud infrastructure

Full certification details available upon request. Contact us for compliance documentation.

Security Controls

Data Privacy & Security

  • End-to-end AES-256-GCM encryption
  • TLS 1.3 for all transmissions
  • No persistent audio storage
  • No training on customer data
  • Regional data processing

Access Management

  • Industry-standard authentication
  • No PII in our systems
  • Audit logging for compliance

Infrastructure Security

  • Certified data center security
  • Customer workload isolation
  • Automated vulnerability scanning
  • 24/7 monitoring

Subprocessors

Third-party services that process data on our behalf.

Subprocessor | Purpose | Data Processed | Region | Certifications
Groq | AI inference (STT + LLM) | Audio, text | US / EU (Finland) | SOC 2 Type II, HIPAA, GDPR
Supabase | Database & authentication | Account data, session metadata | US / EU | SOC 2 Type II
Stripe | Payment processing | Payment information only | Global | PCI DSS Level 1
Vercel | Website hosting | No PHI | Global | SOC 2 Type II

Questions?

Our security team is here to help with any questions about data protection, compliance, or enterprise requirements.

Response time: Within 48 hours

GDPR Compliant | HIPAA Ready | SOC 2 Type II | ISO 27799