Security at EasyMinutes

Encryption in transit.

All communication between your browser, our application, and our processing services uses TLS 1.2 or higher. Your recordings never travel the internet in plain text.

Encryption at rest.

Recordings, transcripts, and generated minutes are encrypted on disk using AES-256 encryption. Encryption keys are managed through a dedicated cloud key management service.

U.S.-based infrastructure.

EasyMinutes runs entirely on U.S.-based infrastructure. Your data does not leave the United States during processing or storage.

Tenant isolation.

Each organization’s data is fully isolated. There is no cross-tenant access. Users from one organization cannot see, query, or accidentally encounter data from another organization. This is enforced at the database, application, and API layers.

Your data is not used to train shared AI models.

EasyMinutes does not retain, share, or otherwise use your meeting content to train AI systems — ours or anyone else’s.

Audio is processed and discarded.

Our transcription providers process your audio under U.S.-region contracts and do not retain it for model training.

Generated minutes stay yours.

The AI services that draft your minutes do not use your meeting content to improve shared models.

Role-based access within your organization.

Owners, admins, and members have appropriate permission levels. Only authorized users in your organization can view your meetings.

Authentication.

EasyMinutes uses a trusted third-party authentication provider for secure user sign-in. Authentication is handled through industry-standard protocols with built-in protections against credential stuffing, brute force attacks, and account takeover.

Audit log.

Every meeting creation, edit, share, and deletion is logged with timestamp and user identity, available to your organization’s admin.

Audio recording retention.

Audio recordings are retained in your account for as long as you choose to keep them. You can delete a recording at any time, immediately after minutes are generated or at any later point. Recording retention is independent of transcript and minutes retention — you can delete the audio while keeping the generated minutes.

Default retention policy.

By default, audio recordings remain in your account until you delete them.

You control your data.

You can delete any recording, transcript, or minute set from your account at any time. Deletion is immediate and permanent.

Account-level deletion.

If you close your EasyMinutes account, all associated recordings, transcripts, and minutes are permanently deleted from our systems within 30 days.

Backup retention.

Encrypted backups are retained for up to 7 days for disaster recovery purposes only. They are not accessible to staff or third parties and are purged on the standard cycle.

Current posture.

EasyMinutes follows industry-standard security practices including encryption at rest and in transit, principle-of-least-privilege access controls, secret management through dedicated vaults, and regular dependency vulnerability scanning.

Formal certifications.

SOC 2 Type II audit is on our roadmap. We are not currently SOC 2, ISO 27001, or HIPAA certified.

Public records and open meeting law compliance.

EasyMinutes is designed for organizations subject to public records and open meeting laws. Recordings and minutes can be retained, exported, or deleted according to your organization’s retention schedule.

Monitored infrastructure.

Application performance, error rates, and security events are monitored continuously. Our team is alerted to anomalies.

Encrypted secrets management.

API keys, database credentials, and other sensitive configuration values are managed exclusively through a dedicated cloud secret management service. They are never stored in code repositories or environment files.

Regular dependency updates.

Software dependencies are continuously monitored for known vulnerabilities and patched on a regular cadence.

Restricted production access.

Production systems are accessible only by authorized engineering personnel with multi-factor authentication. All production changes are logged.

If you believe you’ve discovered a security vulnerability or have a concern about how EasyMinutes handles your data, contact us at security@easyminutes.com.

We take all reports seriously and will respond within one business day. We do not retaliate against good-faith security researchers reporting vulnerabilities responsibly.

For questions about how EasyMinutes handles your data, email support@easyminutes.com.

For procurement-related security questionnaires, contact support@easyminutes.com and we’ll respond with our completed security documentation.