Our commitment to your data

We secure your data, limit how it's used, and respect user control. You own your content, and it's our responsibility to protect it from unauthorized access.

How we protect your files

RaeNotes prioritizes data protection and confidentiality in every evaluation. We protect files that go between you and our app with HTTPS protocol and TLS 1.2 encryption. It ensures the secure delivery of your data over the Internet, avoiding possible eavesdropping or alteration of the content. Files in transit between our app and our servers, and at rest are encrypted with AES-256 (256-bit Advanced Encryption Standard). It requires 2²⁵⁶ different combinations to break your encrypted message, which is virtually impossible.

Where we store your data

We take care of the technical security: we host everything with Amazon Web Services (AWS). We store, process, and transmit your data in the United States in data centers owned and operated by AWS. AWS provides enterprise-level security, encryption, and compliance certifications. AWS undergoes independent audits and provides SOC 1, SOC 2, and SOC 3 reports via AWS Artifact.

AWS is certified against ISO/IEC 27001:2022 for its security management system over a defined scope of services and data centers. From a technical and security perspective, your data is protected by the same infrastructure that powers many large organizations worldwide. You can find more information about AWS data centers here.

We don't use your data to train AI models

We don't use your data to train AI models. Your audio, video, and transcripts are processed only to provide the services you've asked for. Our AI learns patterns mainly from ICF competency definitions and frameworks, as well as synthetic examples created specifically for training purposes.

Who can access your data

No one sees your data until you decide to share it. You can expressly give permissions to specific people or make your content publicly availiable to anyone on the web. You control the level of access and set permissions to either view, comment, edit and share.

How we protect your privacy

You own your data, and it's our responsibility to protect your files from unauthorized access. Our privacy policy clearly describes what information we collect, use, retain, and how we protect it.

How long we retain your data

You will always have access to your files. When your subscription ends you will lose access to Raenotes' functionality but you will be able to view, export and delete your data. When you remove your files, we delete the audio/video and the transcription from our platform completely.

At RaeNotes, even we can't see your data

Raenotes' employees don't have access to your audio, video, and transcripts unless you give us permission. We only have access to file metadata (file sizes, upload date, not the file contents). We have strict policy and technical access controls that prohibit access to file content. Our privacy page and terms of service list this out in further detail.

Third-party services

We integrate with third-party services that are vital to RaeNotes's functionality. We use OAuth, an industry-standard protocol for authorization, to grant third-party apps different levels of access without exposing your account credentials. These providers only access your information to perform tasks on our behalf. See our Privacy Policy for more information.

• Stripe, Inc. for billing and payment.
  We don't store your billing information. RaeNotes uses Stripe, Inc. for billing and payment. Stripe Inc. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that Stripe Inc. is certified as complying with the EU-US Privacy Shield regime. Stripe retains payment information according to their privacy policy at https://stripe.com/privacy. Compliance: SOC 1 and SOC 2 Type II reports annually. PCI DSS Level 1 Service Provider. ISO 27001 certified.
• FullStory, Inc. – used to improve our platform and customer experience.
  If you register for our free services, RaeNotes may use FullStory to analyze customer interactions for troubleshooting, data analysis, testing, system maintenance, and support. Data is stored in a U.S. data center. FullStory adheres to privacy frameworks (such as Standard Contractual Clauses and the EU-U.S. Data Privacy Framework) when transferring personal data across regions to meet legal requirements like GDPR. RaeNotes has executed a GDPR-compliant DPA with FullStory. Compliance: SOC 2 Type II and SOC 3 attestations. ISO 27001 certified.
• Amplitude, Inc. – used for usage analytics.
  If you register for our free services, RaeNotes may use Amplitude to analyze customer experience and product usage patterns. Amplitude hosts customer data in data centers in the United States and the European Union, both on Amazon Web Services (AWS) infrastructure. The EU data center supports data storage, querying, and processing so companies can keep data within the EU if required by regulation. Compliance: SOC 2 Type II report. ISO 27001, ISO 27017, and ISO 27018 certified for platform services.
• Google, Inc. – used for usage analytics.
  Google, Inc. uses a global network of secure data centers — spread across many countries and regions — to store and serve your data. Compliance: SOC 2 and SOC 3 certified. Google Cloud Platform, Google Workspace, Apigee, and common infrastructure are certified as ISO/IEC 27001:2022 compliant.

How to run Raenotes in the private cloud

Raenotes is the multi-tenant cloud application, which means that all of the customers share the same copy of the application code. Your data is stored in a single, shared, and encrypted database where all system passwords are encrypted using AWS Key Management Service. You can request an unique instance of the software where your data is physically separated from other customers’ data by contacting us.