Skip to main content
Skip table of contents

Security Overview

Product Security

We take the security of our product very seriously. Our cloud offering is hosted on Amazon Web Services (AWS), which provides a secure, scalable, and reliable infrastructure for our product. In addition, we have implemented a number of security measures to protect customer data, including, but not limited to:

  • Data encryption both in transit and at rest

  • Access controls to ensure that only authorized users can access customer data

  • Regular data backups and disaster recovery procedures to prevent data loss in the event of an unexpected event

Data Security

All customer data is encrypted both in transit and at rest, using industry-standard encryption protocols. We use AWS key management services to manage encryption keys and ensure secure access to customer data. Access controls are in place to ensure that only authorized users can access customer data, and we regularly audit access logs to identify any unauthorized access attempts. Data backups are taken on a regular basis and stored in a secure, offsite location to ensure that customer data is not lost in the event of a disaster. Every customer's instance is completely isolated, this minimizes the risk of data breaches.

Infrastructure Security

AWS provides secure, scalable, and reliable infrastructure for our application. We use AWS security services to protect our servers and network from unauthorized access attempts and DDoS attacks. We also use security monitoring tools to identify potential security threats and take appropriate action so as to mitigate any risks.

Application Security

We follow secure coding practices to ensure that our product is secure against potential vulnerabilities. We use a variety of security tools to identify potential security vulnerabilities and regularly test our product. We also use security testing tools to identify any potential threats and take appropriate measures to address any issues.

We also implement additional security measures to protect customer data, including, but not limited to:

  • Regular vulnerability scanning and penetration testing – We regularly scan our systems and applications for potential vulnerabilities and use penetration testing to identify any potential security issues.

  • Intrusion detection and prevention – We take advantage of security monitoring tools to identify potential security threats and take appropriate action to mitigate any risks. This includes monitoring for suspicious activity and taking action to prevent unauthorized access attempts.

  • Regular data backups and disaster recovery procedures – We take regular backups of customer data and store them in secure locations to ensure that data can be restored in the event of a disaster or data loss.

Incident Response

We have a comprehensive incident response plan in place to detect and respond to security incidents. In the event of a security breach, we will notify customers as soon as possible and provide guidance on what actions they should take to protect their data.

Compliance

We comply with industry standards and regulatory requirements (such as GDPR) to ensure the privacy and security of customer data. We regularly review our security practices to ensure that we are in compliance with these regulations, and obtain third-party audits and certifications to demonstrate our commitment to security. AWS is also compliant with many industry and regulatory requirements, such as SOC2, PCI DSS, GDPR, etc. Customer data is encrypted.

Your Data and Eleveo Speech Generative AI

Eleveo does not share your data with third-party providers. The Speech Generative server is installed within the Eleveo private cloud, or on customer hardware. The generative AI model is a so-called ‘pre-trained’ data model. Recordings, transcriptions of recordings, and other related data are NOT used to improve the accuracy of the results or to train the model further. No customer data is shared or sent to an outside server or service for further processing. Please refer to the Eleveo Terms of Service or contact the Eleveo data protection contact person on how Eleveo handles customer data.

Recommended Security Configuration

In order to ensure that data remains secure, Administrators are urged to deploy and check that the following configuration changes have been made.

Failure to ensure that the recommended settings have been configured may expose recorded data or stored data.

User Security

  1. Ensure that a Password Policy is enforced and contains strong security requirements.
    For example, a password policy might have the following requirements:

  • Valid for 90 days

  • Minimum of 12 characters in length

  • Must have at least two special characters

  • Must have at least one numeric symbol

  • Must have a combination of uppercase and lowercase letters

  • The user must change the default password during the initial login

2. Ensure that you assign a proper role to the user. Role permissions should not be excessive and should be based on the actual work performed by users.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.