<aside> 🔐 Trust is the foundation of any relationship. At Steno.ai, we view our customers' trust as our most valuable asset. To earn and keep this trust, we strive for the highest standards of security, privacy, and transparency. This page outlines how we protect your data while ensuring our products and services address our customers' needs.

</aside>

Policies

This section contains an overview of the policies that govern our approaches to everything we do, including building products, providing services & support, and running our business.

Data Encryption

We employ industry-standard encryption protocols to safeguard your data at rest and in transit. All data transmitted between our servers and your devices is protected using TLS 1.3 encryption. Data stored in our systems is encrypted using AES-256 encryption, ensuring that your information remains secure even in the unlikely event of unauthorized access to our servers. We regularly review our encryption methods to stay ahead of emerging threats and maintain the highest level of data protection.

Data Privacy

We are committed to protecting your privacy and handling your data with the utmost care. Our data privacy policy adheres to global standards, including GDPR and CCPA. We collect only the information necessary to provide and improve our services, and we never sell your personal data to third parties. You have full control over your data, including the right to access, correct, or delete your personal information. We maintain transparent data processing practices and provide regular updates on how we use and protect your information. If you have questions or wish to submit a request regarding your personal data, contact us – [email protected].

Data Retention and Destruction

We have clear policies governing the retention and destruction of data. We only retain your data for as long as necessary to provide our services or as required by law. When data is no longer needed, we ensure it is securely and irreversibly destroyed using industry-standard methods. We regularly audit our data retention practices to ensure compliance with our policies and applicable regulations, maintaining the privacy and security of your information throughout its lifecycle.

Code Provenance

We maintain strict control over our code provenance to ensure the integrity and security of our software. All code changes are tracked through a version control system with signed commits, allowing us to verify the origin and authenticity of every modification. We employ a rigorous code review process and only accept contributions from verified developers. Third-party libraries and dependencies are carefully vetted and continuously monitored for security vulnerabilities. This comprehensive approach to code provenance helps prevent unauthorized code injection and ensures that our software remains trustworthy and secure.

Vendor Management

We carefully vet and monitor all third-party vendors who may have access to our systems or your data. Our vendor management policy includes thorough security assessments, contractual obligations for data protection, and ongoing monitoring of vendor practices. We require our vendors to adhere to the same high standards of security and privacy that we maintain ourselves. This ensures that your data remains protected throughout our entire supply chain and ecosystem.

Physical Infrastructure Security

Our primary cloud partner is Microsoft Azure. Please follow this link to learn the details of how Azure manages physical infrastructure security:

Microsoft Azure infrastructure security

Features

Below is a list of features that are included in all of our products, services and other offerings by default.

Secure By Design

Security is not an afterthought in our product—it's built into every aspect from the ground up. Our Secure by Design approach means that security best practices are integrated into the architecture, design, and implementation phases of our development process. This proactive strategy includes threat modeling, secure coding practices, and rigorous security testing at every stage. By anticipating and addressing potential vulnerabilities before they become issues, we create a more resilient product that can withstand evolving cyber threats. Our Secure by Design philosophy results in a product that not only meets current security standards but is also adaptable to future security challenges.