Enterprise-Grade Security & Compliance

Built for training teams in regulated industries. We take security, privacy, and compliance as seriously as you do.

Infrastructure & Technical Security

SOC2 Type II Compliant

All audio processing and storage happens on SOC2 Type II certified infrastructure. Annual audits verify our controls for security, availability, processing integrity, confidentiality, and privacy.

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Voice files and training content are never transmitted or stored unencrypted.

Isolated Processing

Each client's voice models and content are processed in isolated containers. No shared infrastructure that could leak between clients.

Regular Security Audits

Quarterly penetration testing and vulnerability assessments by third-party security firms. All findings remediated within 30 days.

Access Controls

Role-based access control (RBAC) ensures only authorized personnel can access your data. Multi-factor authentication required for all team access.

Complete Audit Logs

Complete audit trail of all access and processing activities. Logs retained for 1 year and available for your security reviews.

Data Handling & Privacy

What We Store:

  • Voice Models: Encrypted mathematical representations of voice characteristics (not raw audio)
  • Processing Files: Temporary during active projects only
  • Account Information: Contact details, contract terms, usage metrics

What We Don't Store:

  • Training Content: Deleted immediately after delivery
  • Raw Audio Recordings: Deleted 7 days after voice model creation
  • Learner Data: We never see or process any end-user learning data

Data Retention Policy:

  • Training scripts: Deleted upon delivery
  • Generated audio: Deleted after client confirms receipt
  • Voice models: Retained during active contract + 30 days
  • Upon contract termination: All client data deleted within 30 days

Legal Frameworks & Compliance

📄

Non-Disclosure Agreements

We sign your standard NDA before discussing any project details. If you don't have an NDA template, we provide one. Executed before any audio is shared.

Voice Consent & Rights

We provide legally-reviewed voice consent agreements covering scope of use, duration, ownership, compensation, and usage rights. Approved by Fortune 500 legal departments.

🌍

GDPR Compliant

Data processing agreements available. Right to deletion honored. Data subject access requests supported. EU data residency available.

⚕️

HIPAA Ready

Business Associate Agreements (BAA) available. No PHI in voice cloning process. Training content treated as confidential. HIPAA-compliant hosting available.

🔒

SOC2 Type II

Annual audits. Controls for security, availability, and confidentiality. Reports available under NDA.

🏛️

CCPA Compliant

Compliant data handling. Privacy rights respected. No sale of personal information.

Voice Consent Process

1

Employee Notification

Your HR or training team notifies the individual that voice cloning is being considered for training content.

2

Consent Documentation

We provide a clear, plain-language consent agreement explaining what voice cloning is, specific use cases, duration, scope, compensation, and rights.

3

Legal Review

Your legal team reviews the agreement. We accommodate modifications to meet your requirements.

4

Signed Consent

Individual signs consent before any recording happens. Copy provided to employee, retained by your company and us.

5

Recording Session

Only after signed consent do we proceed with recording.

Security Questions?

If you have specific security, compliance, or legal questions not addressed here, please reach out to our security team directly.

Email: security@clonemyvoice.ai
Response Time: Within 24 hours for security inquiries

Book Security Review Call