security
How we handle data
Transcript content stays on your device, while a small set of account data runs on standard cloud infrastructure. This page covers both.

Encryption at rest
Account and dictionary data is encrypted at rest by our cloud infrastructure providers, so the little we hold is protected to the same standard throughout.

What we do store
Your account details, billing status, workspace membership, and dictionary live in our database so settings follow you. Transcript content is never part of it.
Encryption in transit
All traffic between your browser and our services uses HTTPS and TLS. This covers account and workspace data, since transcript content doesn't travel at all.
Nothing in our logs
Our error reports and usage analytics describe the application, never your content, so transcript text cannot appear in logs, crash reports, or telemetry we collect.
Workspace isolation
Each workspace's dictionary and settings are restricted to its members through database-level access controls, so flagged terms never reach another workspace.
No training, ever
No AI model processes your transcripts, and nothing you clean trains anything, because redaction runs on a deterministic rules engine entirely on your own device.

Google sign-in
Authenticate with your Google account.

Email sign-in
Sign in with a one-time code sent to your email, with no password to store or leak.

Admin controls
Workspace admins manage billing, member access, and the shared dictionary.

You control your transcripts
Transcripts exist only in your browser and your exports, so what gets shared, where it goes, and who sees it is entirely in your hands.

No transcript retention
There is no retention window because there is no transcript storage. Closing the tab removes a file from your device, with no server copy behind it.

Dictionary data
The terms you flag sync to your workspace so your team redacts consistently. They can include sensitive names, so they're encrypted at rest and deleted alongside it.
Compliance, reporting, billing
Compliance
Transcript Shield is operated by Wasatch Labs, LLC. Because transcript content is processed entirely on your device and never transmitted to us, most data-processing obligations that apply to cloud tools don't attach here, and no DPA is required to start. We're committed to GDPR for the account and workspace data we do hold, and you remain responsible for informing your research participants about your own recording and processing practices.
Report an issue
Email security@transcriptshield.com with the subject "Security report," including steps to reproduce and expected impact. We respond to critical issues within 24 hours.
Billing
Billing is handled by Stripe. Transcript Shield never stores your card details, and canceling takes effect from your account settings without a conversation.
Protect the people behind your research
Redact your next transcript in the browser so the trust your participants gave you never leaves your hands.
