Compliance
Security & Trust
How TokTalk protects your data with enterprise-grade security.
1. SOC 2 Aligned Architecture
TokTalk's infrastructure is designed in alignment with the SOC 2 Trust Service Criteria. While we have not yet undergone a formal SOC 2 audit, the following controls are implemented and operational:
2. Security Controls
Encryption in Transit
All data is encrypted using TLS 1.3 between your device and our servers.
Encryption at Rest
Your data is stored AES-256 encrypted at rest in our PostgreSQL database.
Row Level Security
Every database table enforces PostgreSQL row-level security, so a user can read and write only their own rows.
Secure Token Storage
On macOS, authentication tokens are stored in the system Keychain, not in local storage.
Audit Logging
All sensitive operations (admin access, data exports, account changes) are recorded in an immutable audit log.
Automated Vulnerability Scanning
Dependencies are scanned weekly via GitHub Dependabot for known security vulnerabilities.
Webhook Verification
All incoming webhooks (Supabase, Mollie) are cryptographically verified before processing.
Prompt Injection Protection
Our AI prompts separate trusted instructions from untrusted user content (a trust boundary) and use injection-resistant prompt patterns.
3. No Audio Storage
Your voice recordings are processed exclusively in transient memory (RAM) and are never written to disk. Only the resulting text transcriptions are stored in your account, under your full control.
4. European Infrastructure
| Service | Provider | Location |
|---|---|---|
| AI Processing | Mistral AI | Paris, France 🇫🇷 |
| Database & Auth | Supabase | EU Region 🇪🇺 |
| Payments | Mollie | Amsterdam, Netherlands 🇳🇱 |
| Hosting | Vercel | EU Region 🇪🇺 |
5. Compliance Portfolio
6. Contact
For security inquiries or to request our security questionnaire:
Email: info@toktalk.co