Role-based access control
Access to platform data is enforced at multiple levels: application code, API middleware, and database row-level security policies.
Security measures
Encryption
All data is encrypted in transit using TLS 1.3. Sensitive data at rest is encrypted using AES-256.
Access Controls
Role-based access control (RBAC) ensures users only access data they are authorized to view. Admin actions require additional verification.
Identity Verification
Manual KYC verification requires users to submit identity documents (passport, national ID, or business documents) which are reviewed by our team to ensure certificate creators are verified individuals or organizations.
File Security
Uploads are validated by type and size, and checked against known malicious signatures using hash reputation services. Audio files are processed and deleted after fingerprint extraction (typically within 24 hours).
Audit Logging
Comprehensive audit trails track all significant actions including certificate creation, access, and modifications.
Infrastructure
Enterprise-grade cloud hosting with automatic DDoS protection. Database protected with row-level security (RLS) policies. See our subprocessors page for vendor details.
Rate Limiting
API endpoints are protected with rate limiting to prevent abuse and ensure service availability.
Incident Response
We have documented incident response procedures. Security incidents are investigated and affected users notified as required.
Data Protection
Audio Files & Preview Clips
We do not store your raw audio files long-term. Audio is processed to extract a cryptographic fingerprint (hash) and then immediately deleted from our servers, typically within 24 hours. Only the fingerprint is retained for verification purposes.
For enterprise and dispute accounts, we may retain a 120-second derived audio preview clip(extracted from the middle of the file) for up to 90 days to enable accurate dispute resolution. This preview is encrypted, access-controlled, and audit-logged. You can opt out of preview retention in your settings.
Certificates & Records
Certificate data and audit trails are stored securely with row-level security policies ensuring users can only access their own data. All database access is logged and monitored.
Backups
Database backups are encrypted and retained according to our backup policy. Backups are tested regularly to ensure data can be recovered if needed.
Responsible Disclosure
We take security seriously and appreciate responsible disclosure of vulnerabilities. If you discover a security issue, please report it to us privately.
What to include in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested remediation (optional)
Please do not publicly disclose vulnerabilities until we have had a chance to investigate and address them.
Compliance
GDPR
We comply with the General Data Protection Regulation for processing personal data of EU/UK residents.
ICO Registration
Registered with the UK Information Commissioner's Office (ICO) under registration number ZB861589.
Questions?
For security-related inquiries, contact security@audiverify.com. For general questions, contact support@audiverify.com.