Encryption
All traffic is encrypted in transit with TLS 1.2+. Stored files, extracted text and generated audio are encrypted at rest with AES-256.
Authentication
- Hashed passwords (bcrypt/argon2)
- Optional sign-in with Google
- Two-factor authentication on the roadmap
- Session invalidation on password change
Infrastructure
We run on hardened cloud infrastructure in ISO 27001 / SOC 2 certified regions, with isolated environments, least-privilege IAM, automatic patching and continuous monitoring.
Vendor management
We vet every sub-processor for security and privacy, sign DPAs, and limit data sharing to what is strictly required to deliver the service.
Backups and resilience
Critical data is backed up with encrypted, geographically separated snapshots. Backup restoration is tested regularly.
Vulnerability disclosure
Found a security issue? Email security@imagetospeech.org. Please give us reasonable time to fix it before public disclosure. We acknowledge reports within 72 hours and, on request, credit researchers in our hall of fame.
Incident response
In the unlikely event of a breach affecting your data, we will notify you within the timelines required by applicable law (typically 72 hours under GDPR) and tell you what happened, what data was involved and what we are doing about it.