Privacy & Security
auraScribe serves you, the individual — not your organisation. There is no admin dashboard, no manager view, no company-wide analytics. Every insight belongs to the person who recorded the conversation.
Per-user isolation
Every user's data is stored in isolated paths within Firebase Storage. Your recordings, transcripts, and analysis reports live under your unique user ID. No other user — and no administrator — can access them through the application.
Server-side path validation prevents traversal attacks, ensuring API requests can only access data belonging to the authenticated user.
What auraScribe stores
| Data | Where | Retention |
|---|---|---|
| Audio recordings | Firebase Storage (per-user path) | Until you delete them |
| Transcripts and analysis | Firebase Storage (per-user path) | Until you delete them |
| User profile | Firestore (per-user document) | Until account deletion |
| Speaker database | Firestore (per-user collection) | Until you delete entries |
What auraScribe does NOT do
- No company-wide analytics or dashboards
- No sharing of analysis between users
- No training AI models on your data
- No selling or monetising your recordings
- No emotion recognition (EU AI Act compliant)
- No persistent audio retention beyond your control
Authentication
auraScribe uses Firebase Authentication with Google Sign-in and email/password options. All API endpoints require a valid Firebase ID token, verified server-side using the Firebase Admin SDK.
AI processing
Audio and text are processed through Google Gemini's API. Google's API data use policy applies: data sent to the Gemini API is not used to train Google's models. Processing happens in Google's cloud infrastructure.
Infrastructure
- Hosting: Google Cloud Run (europe-west1)
- Storage: Firebase Storage with security rules enforcing per-user access
- Database: Cloud Firestore with security rules
- Transport: HTTPS everywhere, enforced by Cloud Run