Last updated: February 2026
This Security Policy describes how Traction protects your data and maintains the privacy and integrity of information processed through our Service. It outlines our approach to consent, encryption, data sovereignty, AI model usage, and our ongoing compliance certifications.
Traction takes a privacy-first approach to meeting transcription. Our platform is designed to minimise the collection and retention of sensitive data while still delivering full meeting intelligence capabilities.
No Audio or Video Storage: We do not store any audio or video files from your calls. Transcription occurs in real time, and only the written transcript is retained in our system.
Consent Requirements: Meeting participants should be informed that transcription is taking place. Consent requirements vary by jurisdiction — including state-by-state in the United States and separately under UK and European law — and apply equally to audio recordings and transcripts.
Data Minimisation: By transcribing in real time and discarding audio and video files immediately, we limit the volume of sensitive data stored while preserving full meeting intelligence functionality.
Traction maintains strict controls over how customer data interacts with AI models. We use enterprise-grade AI services that provide strong contractual guarantees around data handling.
No Training on Customer Data: Your meeting transcripts and associated data are never used to train AI models. Our AI providers do not retain or learn from your data.
Processing Only: AI models process your data solely to generate summaries, insights, and automations. This data is not stored by AI providers beyond the scope of a single request, nor used for model improvement.
Transparent AI Usage: All AI-powered features are clearly indicated within the product. Users have full control over which AI features and automations are applied to their meetings.
Traction implements industry-standard encryption across all accounts, with optional enterprise-grade enhancements available for organisations with elevated security requirements.
Encryption in Transit: All data transmitted between your browser and our servers is protected using HTTPS/TLS encryption, preventing interception during transfer.
Encryption at Rest: All data stored in our AWS infrastructure is encrypted at rest, protecting stored data from unauthorised physical or logical access.
Access Controls: Traction supports configurable access control rules, allowing organisations to define which users can access specific data within their account.
Database Memory Encryption: Available as an enterprise add-on, we can implement in-memory database encryption using Cypher Stash technology — providing an additional layer of protection for sensitive data such as transcripts, even while in active use on the server.
Pricing: Subject to an annual fee (currently approximately $4,000/year base cost, subject to change based on usage).
Traction currently operates on shared global infrastructure, with region-specific hosting available as an enterprise consideration.
Current Hosting: Traction is hosted on AWS infrastructure via Vercel. Data residency is not currently restricted to specific geographic regions.
Region-Specific Hosting: Hosting data exclusively within Australia or other specific regions would require material infrastructure changes and is not currently offered as a standard configuration.
Enterprise Consideration: We evaluate region-specific hosting requirements on a case-by-case basis for enterprise customers with defined regulatory obligations. Data sovereignty requirements are assessed independently of SOC 2 compliance.
Traction is actively working toward SOC 2 Type II certification to demonstrate our commitment to security, availability, and confidentiality controls.
Current Status: We are SOC 2 ready and have engaged a certification partner (Banter) to manage the formal assessment process.
Target Timeline: We expect to complete SOC 2 certification in Q1–Q2 2026.
Scope: Certification will cover our core platform security controls, data handling practices, and operational procedures.
Traction is currently undergoing Cloud Application Security Assessment (CASA) Tier 2 certification. CASA is an industry-recognised security assessment framework required by Google as part of the OAuth application verification process for apps requesting access to sensitive Google API scopes.
Purpose: CASA Tier 2 certification demonstrates that Traction meets the security requirements set by Google for applications integrating with Google Workspace — including Google Meet and Google Calendar — ensuring that data accessed via Google APIs is handled responsibly and securely.
Assessment Framework: The assessment is based on the OWASP Application Security Verification Standard (ASVS) and is conducted by an authorised third-party assessor.
Current Status: Assessment is actively underway. Certification is expected to be completed in the near term.
For organisations with the highest security and privacy requirements, Traction is exploring on-device transcription as a future enterprise offering.
Zero Server Processing: On-device transcription processes audio entirely on the user's local device, meaning no audio data is transmitted to or processed on Traction's servers.
End-to-End Encryption: Combined with end-to-end encryption, this model ensures that only the user can access their transcript data.
Availability: This capability is being developed for enterprise customers with strict data sovereignty or air-gapped environment requirements.
This security policy is designed to address the needs of organisations handling sensitive information, including those in financial services, healthcare, government, and enterprise environments. For specific security questionnaires, compliance inquiries, or to discuss your organisation's requirements, please contact us at support@traction.team.