Security and privacy
Learn about security and privacy policies.
At Soniox, we take security and privacy seriously. Our platform is designed to keep your data protected while reducing compliance burdens for your business. This page outlines how Soniox handles data, meets compliance requirements, and ensures secure communication.
Compliance
Soniox meets industry-leading certification standards:
- SOC 2 Type 2 – ongoing, independent audits of our security, availability, and confidentiality controls.
- GDPR – fully compliant with the EU General Data Protection Regulation.
- HIPAA – certified to support healthcare applications that require protection of PHI (Protected Health Information).
To request compliance documentation (SOC 2 report, GDPR, HIPAA), contact us at support@soniox.com.
Data handling
- No model training – your audio and transcripts are never used to improve Soniox models or services.
- No retention – soniox does not store your audio or transcript data unless explicitly requested through a service that supports storage, i.e. async API.
- Storage – when you choose to store data, it is securely isolated within your Soniox Account.
- Data deletion – you can delete all stored audio and transcripts at any time via the Soniox Console or API.
Logging
- Minimal logging is performed for service reliability, debugging, and billing.
- Logs never contain raw audio or transcript content.
- Diagnostic metadata (such as request IDs or error traces) may be retained temporarily for operational purposes.
Encryption & security
- In transit – all communication between your application and Soniox services is encrypted using TLS 1.2+.
- At rest – any stored audio or transcript data is encrypted with strong industry-standard encryption.
- Access control – stored data is restricted to your account namespace, accessible only by your API keys.