BriefVox AI Security Policy
Operator details
The operator of BriefVox AI is: Wojciech Ogonowski, a natural person conducting unregistered business activity within the meaning of Article 5 of the Entrepreneurs' Law Act (Prawo przedsiębiorców), Grodzisk Mazowiecki, Poland.
Customer support contact: support@briefvox.com.
Privacy and data protection contact: privacy@briefvox.com.
1. Purpose of this document
This document may be published as a public-facing Security page and used internally as a set of security requirements for BriefVox AI.
2. File security
Audio files, video files, and linked media imports are stored in a private, non-public data store.
Files are accessed through temporary, expiring links.
Files are encrypted at rest and in transit.
Files are not publicly indexed and must not be accessible without user authorization.
3. Administrative access
Administrative access must be limited to individuals who genuinely require it.
Administrative accounts must have two-factor authentication (2FA) enabled.
Administrative actions must be logged.
Service staff and technical personnel do not have routine access to the contents of user recordings or transcriptions. Emergency access, if technically provided for, may only be used in exceptional circumstances, must require authorization, must be recorded in logs, and must be limited to the minimum scope necessary to resolve the issue.
4. Application security
passwords stored only as secure hashes,
sessions in secure HTTP-only cookies,
rate limiting on login and password reset,
file validation and a 2 GB size limit,
server-side audio-track duration verification,
Stripe webhooks with signature verification and idempotency,
protection against bypassing the minute limit through concurrent requests,
regular dependency updates.
5. Transcription and AI providers
Audio files, video files, and linked media imports may be submitted to an external transcription provider solely for the purpose of delivering the service. For video, the system may submit only the extracted audio track where technically sufficient. Before going live, the provider's data processing terms, processing location, data retention practices, and the availability of a DPA or other required agreements must be verified.
6. Backups and recovery
the system must have backups of the database and metadata,
backups must be encrypted,
access to backups must be restricted,
backup restoration must be tested periodically,
the backup deletion cycle must align with the Data Retention Policy.
7. Vulnerability reporting
Security issues can be reported to: privacy@briefvox.com. A report should include a description of the vulnerability, reproduction steps, and the potential impact. The Operator will not penalize good-faith disclosures that do not involve accessing other users' data or disrupting the Service.