Data security and trust
Meeting recordings hold a team's most critical business decisions. We understand the weight of that trust, which is why data security is foundational to Deep Insight Agent's architecture — not an afterthought.
Your data always belongs to you. We never sell it, never use it for AI training, and never share it across tenants. You can export or delete all of it at any time.
Data encryption
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Whether in motion or at rest, your data stays under encryption.
- Encryption in transit: HTTPS / TLS 1.2+ end to end
- Encryption at rest: AES-256, with keys rotated automatically by the infrastructure
- Audio uploads travel through a separately encrypted channel
Multi-tenant isolation
Every organization's data is fully isolated at the database layer. We use PostgreSQL Row Level Security (RLS) to architecturally rule out cross-organization data leaks.
- Database-level row-level security (RLS) policies
- Every record is bound to an organization ID, and queries are filtered automatically
- Even if an application-layer vulnerability appears, the database layer still enforces isolation
AI never trains on your data
Your meeting content is never used to train any AI model. Both the Anthropic Claude API and the MiMo API we call commit to never using API input data for model training.
- Anthropic's commercial API: an explicit commitment not to train on input data
- API data is automatically deleted from Anthropic's servers after 30 days
- We run no training pipelines of our own
Data ownership
Your data always belongs to you. You can export all your analysis records at any time, or delete everything with one click. When you close your account, all data is permanently erased.
- Export all your analysis reports with one click (JSON / PDF)
- Delete a single record or all your data at any time
- Closing your account deletes everything permanently — no recovery, no retention
Audit logs
Every analysis is fully logged — who ran which method on which recording, and when — keeping every action traceable and accountable.
- Records the operator, timestamp, method used, and target recording
- Every credit change leaves an audit trail
- Admins can review the team's operation history
Sharing controls
When you share an analysis report, you stay fully in control. Share links can be revoked at any time, set to expire, or protected with a password.
- Share links can be revoked at any time and stop working instantly
- Set a link's validity period (1 day / 7 days / 30 days)
- Password protection is supported, so only those who know the password can view
Principle of least privilege
All API keys and service credentials follow the principle of least privilege — granted only the minimum permissions needed to do the job, never over-provisioned.
- API keys are isolated by function, with permissions kept to a minimum
- Third-party services are granted only the read/write scopes they need
- All credentials are reviewed and rotated regularly
Enterprise-grade infrastructure
Deep Insight Agent is built on Supabase (PostgreSQL), with enterprise-grade database security, automatic backups, and disaster recovery.
- Supabase-managed PostgreSQL, SOC 2 Type II certified
- Automatic daily database backups with point-in-time recovery
- High-availability architecture with automatic failover
Third-party services and data flow
We're fully transparent about where your data goes. Here are the third-party services Deep Insight Agent uses and how they handle data:
| Service | Purpose | Data-handling commitment |
|---|---|---|
| Anthropic Claude | Deep analysis engine | API data is not used for training and is deleted automatically after 30 days |
| Alibaba Cloud Tongyi Tingwu | Audio transcription | Called only when you upload audio yourself; results are retrieved once transcription completes |
| Supabase | Database and file storage | SOC 2 Type II certified, with automatic encryption and backups |
Common security questions
Will my meeting recordings be used to train AI?
Absolutely not. The Anthropic Claude API that Deep Insight Agent calls explicitly commits that data sent through the API will never be used for model training. Your business secrets will never become training material for any AI.
Can other users see my analyses?
No. Deep Insight Agent uses database-level Row Level Security, and every record is bound to an organization ID. Even if an application-layer vulnerability appears, the database layer still enforces isolation, so your data can't be accessed by other tenants.
What happens to my data if I stop using Deep Insight Agent?
You can export all your data with one click under "Settings." After you close your account, all data is permanently erased and cannot be recovered — we keep no copies.
Are the analysis reports I share secure?
Fully under your control. Every share link supports revocation, expiration, and password protection. Once revoked, a link stops working instantly and no one can access it.
Does Deep Insight Agent support private, on-prem deployment?
Yes. The Enterprise edition can be deployed on your own servers, so data never leaves your internal network. For details, contact enterprise@zaowuyun.com.
Security questions? Reach out anytime
If you have any security concerns, have found a potential vulnerability, or want more technical detail, please get in touch using the channels below.
You can also use the feedback page to submit a security-related report