security

How we handle data

Transcript content stays on your device, while a small set of account data runs on standard cloud infrastructure. This page covers both.

Encryption at rest

Account and dictionary data is encrypted at rest by our cloud infrastructure providers, so the little we hold is protected to the same standard throughout.

What we do store

Your account details, billing status, workspace membership, and dictionary live in our database so settings follow you. Transcript content is never part of it.

Encryption in transit

All traffic between your browser and our services uses HTTPS and TLS. This covers account and workspace data, since transcript content doesn't travel at all.

Nothing in our logs

Our error reports and usage analytics describe the application, never your content, so transcript text cannot appear in logs, crash reports, or telemetry we collect.

Workspace isolation

Each workspace's dictionary and settings are restricted to its members through database-level access controls, so flagged terms never reach another workspace.

No training, ever

No AI model processes your transcripts, and nothing you clean trains anything, because redaction runs on a deterministic rules engine entirely on your own device.

Identity management

Sign in the way your team already does.

Identity management

Sign in the way your team already does.

Identity management

Sign in the way your team already does.

Google sign-in

Authenticate with your Google account.

Email sign-in

Sign in with a one-time code sent to your email, with no password to store or leak.

Admin controls

Workspace admins manage billing, member access, and the shared dictionary.

Privacy and data handling

The shortest version: we can't lose what we never receive.

Privacy and data handling

The shortest version: we can't lose what we never receive.

Privacy and data handling

The shortest version: we can't lose what we never receive.

You control your transcripts

Transcripts exist only in your browser and your exports, so what gets shared, where it goes, and who sees it is entirely in your hands.

No transcript retention

There is no retention window because there is no transcript storage. Closing the tab removes a file from your device, with no server copy behind it.

Dictionary data

The terms you flag sync to your workspace so your team redacts consistently. They can include sensitive names, so they're encrypted at rest and deleted alongside it.

Deletion

Owners can delete a workspace and its dictionary anytime, with full erasure within 30 days of a verified request. Transcripts need no deletion, since we never had them.

Billing data

Billing is handled by Stripe, and your payment details go directly to them, so we never see, store, or process your card information ourselves.

US-based infrastructure

Account and workspace data is stored and processed in the United States. Transcript content is processed wherever you are, on your own device.

Compliance, reporting, billing

Compliance

Transcript Shield is operated by Wasatch Labs, LLC. Because transcript content is processed entirely on your device and never transmitted to us, most data-processing obligations that apply to cloud tools don't attach here, and no DPA is required to start. We're committed to GDPR for the account and workspace data we do hold, and you remain responsible for informing your research participants about your own recording and processing practices.

Report an issue

Email security@transcriptshield.com with the subject "Security report," including steps to reproduce and expected impact. We respond to critical issues within 24 hours.

Billing

Billing is handled by Stripe. Transcript Shield never stores your card details, and canceling takes effect from your account settings without a conversation.

Security questions

Everything you need to know about where your transcripts go, which is nowhere, and how we handle the rest.

Security questions

Everything you need to know about where your transcripts go, which is nowhere, and how we handle the rest.

Security questions

Everything you need to know about where your transcripts go, which is nowhere, and how we handle the rest.

Where is my transcript data stored?

On your device and only your device. Transcripts are processed in your browser, work in progress is saved in your browser's local storage, and exports download directly to your machine. Our servers never receive, process, or store transcript content, and you can confirm this by watching your browser's network tab while you work.

What data do you actually hold about me?

Your account details, billing status through Stripe, workspace membership, and your workspace dictionary. That's the complete list, and transcript content is never part of it.

How is the data you do hold protected?

Traffic uses HTTPS and TLS, data at rest is encrypted by our infrastructure providers, and workspace data is isolated with database-level access controls so only your members can reach your dictionary and settings.

Do I need a DPA or legal review to use Transcript Shield?

That's your organization's call, but since transcript content never enters our infrastructure, there's no transcript-processing relationship for a DPA to govern, and many teams find the review is limited to the account data we hold. This page plus our privacy policy usually covers what an IT reviewer needs.

What happens when I delete a transcript or my account?

Removing a transcript deletes it from your browser immediately, and there's no server copy to chase. Deleting your account removes your workspace, dictionary, and account data, with full erasure within 30 days of a verified request.

Who at Transcript Shield can access my transcripts?

Nobody, including us. This isn't a policy promise, it's an architectural fact, since the transcripts never leave your device and we have no mechanism to reach them.

Where is my transcript data stored?

On your device and only your device. Transcripts are processed in your browser, work in progress is saved in your browser's local storage, and exports download directly to your machine. Our servers never receive, process, or store transcript content, and you can confirm this by watching your browser's network tab while you work.

What data do you actually hold about me?

Your account details, billing status through Stripe, workspace membership, and your workspace dictionary. That's the complete list, and transcript content is never part of it.

How is the data you do hold protected?

Traffic uses HTTPS and TLS, data at rest is encrypted by our infrastructure providers, and workspace data is isolated with database-level access controls so only your members can reach your dictionary and settings.

Do I need a DPA or legal review to use Transcript Shield?

That's your organization's call, but since transcript content never enters our infrastructure, there's no transcript-processing relationship for a DPA to govern, and many teams find the review is limited to the account data we hold. This page plus our privacy policy usually covers what an IT reviewer needs.

What happens when I delete a transcript or my account?

Removing a transcript deletes it from your browser immediately, and there's no server copy to chase. Deleting your account removes your workspace, dictionary, and account data, with full erasure within 30 days of a verified request.

Who at Transcript Shield can access my transcripts?

Nobody, including us. This isn't a policy promise, it's an architectural fact, since the transcripts never leave your device and we have no mechanism to reach them.

Protect the people behind your research

Redact your next transcript in the browser so the trust your participants gave you never leaves your hands.