Security & Data Protection
Last updated: June 9, 2026
Legal audio is some of the most sensitive material a firm handles — court hearings, depositions, witness statements, and privileged attorney work product. MatterScribe is built so that this material stays protected at every stage: upload, processing, storage, and deletion. This page summarizes the safeguards we have in place. It supplements, and does not replace, our Privacy Policy and Terms of Service.
1. Encryption
Your files and transcripts are encrypted at every stage of their lifecycle:
- AES-256 encryption at rest — audio files and transcription content are encrypted in storage.
- TLS encryption in transit — all data moving between your browser and our service is encrypted over HTTPS.
2. Infrastructure
MatterScribe runs on secure, SOC 2-compliant cloud infrastructure. We rely on established cloud providers for storage, compute, and authentication rather than operating our own data centers, which lets us inherit their physical security, redundancy, and compliance controls.
3. Access Controls & Authentication
- Access to your account is protected by authentication and access controls.
- Firm accounts include administrator controls for managing member access.
- Internal access to customer data is limited to what is necessary to operate, maintain, and support the service.
4. AI & Your Data
We do not use your uploaded files to train or improve AI models. Your audio and transcripts are processed solely to deliver your transcription — never to train, fine-tune, or improve any model, and never for any purpose other than providing the service to you.
When we analyze usage to improve MatterScribe, we use only anonymized, aggregate usage patterns, and only with your consent. We do not analyze the content of your audio files or transcripts for this purpose.
5. Confidentiality & Data Sharing
We do not sell your personal information. We do not share your audio files or transcription content with third parties for their own purposes.
We share data only with:
- Service providers (subprocessors) — third parties that operate parts of our service (cloud infrastructure, data storage, compute, payment processing, and authentication). They process your data only on our behalf and on our instructions. Payment processing is handled by Stripe; MatterScribe does not store your full payment card details.
- Legal requirements — when required by applicable law.
6. Data Retention & Deletion
We retain your files only as long as your plan provides, then delete them. You can also delete your data at any time.
| Data Type | Retention Period |
|---|---|
| Audio files (Trial) | 3 days |
| Audio files (Pay-As-You-Go) | 3 days |
| Audio files (Professional) | 7 days |
| Audio files (Professional Plus / Firm) | 30 days |
| Transcripts | Same as audio files for your plan |
| Account data | Until account deletion |
| Audit logs | Up to 3 years (IP addresses anonymized) |
| Payment records | Per Stripe's retention policy |
When you delete your account, your personal data is permanently deleted within 24 hours. For full details on exporting and deleting your data, see Your Data Rights.
7. Data Minimization
We collect only what we need to run the service:
- IP addresses are used for security and fraud prevention and are anonymized in our audit logs.
- Browser and device information is used for service optimization and is not stored.
- Analytics on the marketing site default to a cookieless, anonymous mode unless you consent to more.
8. Monitoring & Security Reviews
We protect the service through ongoing security reviews and monitoring, access controls, and secure cloud infrastructure, with the goal of detecting and preventing unauthorized access and fraud.
9. Incident Response
In the event of a security incident affecting your personal data, we will investigate, take steps to contain and remediate the issue, and notify affected users and regulators as required by applicable law (including GDPR and CCPA where they apply).
10. Your Rights & Control
Under GDPR, CCPA, and other privacy laws, you can:
- Access — request a copy of your data
- Correct — update inaccurate information
- Delete — request account and data deletion
- Export — download your data in a portable format
- Opt out — disable analytics and non-essential cookies
You can manage your data in your account under Settings → Data & Privacy, where you can download or delete it directly. See Your Data Rights for full details, or contact us via our contact form. We respond within 30 days (or sooner for GDPR/CCPA requests).
11. Reporting a Security Concern
If you believe you have found a security vulnerability or have a security question, please reach out through our contact form or email [email protected]. For procurement reviews or security documentation requests, use the same channels and we will follow up.
12. Related Documents
- Privacy Policy — how we collect, use, and protect your data
- Your Data Rights — exporting and deleting your data
- Terms of Service — service terms and conditions
- Cookie Policy — cookie usage details