Security Approach
TalkWriter is not currently ISO 27001 certified. This page explains the security principles we follow and what certification plans are on our roadmap.
Current Status
| Certification | Status |
|---|---|
| ISO 27001 | Not certified |
| Planned | On the Enterprise roadmap |
Our Security Principles
Even without formal ISO 27001 certification, TalkWriter follows core information security principles:
Data Minimization
We collect and store only what is necessary: your account profile, dictionary, snippets, settings, and session metadata. Audio is never stored. Dictated text is not permanently retained on our servers.
Encryption
All data in transit is encrypted with TLS 1.3. Passwords are hashed and salted.
Secure Development
Code changes go through review processes. We use version control and deploy changes through controlled pipelines.
Vendor Security
We use established, security-conscious third-party services (Soniox for speech recognition, Anthropic's Claude for AI processing, Stripe for payments).
Incident Response
We have internal procedures for detecting and responding to security events. If a security issue is discovered, we communicate transparently with affected users.
Roadmap
ISO 27001 certification is being considered for the Enterprise plan. If your organization requires ISO 27001 compliance from vendors, contact sales@talkwriter.ai to discuss your needs and timeline.
FAQ
Does lacking ISO 27001 mean TalkWriter is insecure? No. ISO 27001 is a management framework and certification -- it verifies that security processes are systematic and documented. TalkWriter follows strong security practices; we have not yet gone through the formal certification process.
What compliance certifications are planned? SOC 2, ISO 27001, and HIPAA are all being considered for the Enterprise plan. Contact sales@talkwriter.ai to express interest.
Was this helpful? Let us know at support@talkwriter.ai