Speach Security FAQ
Security is one of Speach’s top priorities. You trust us to share your knowledge across your organization, and we take this mission very seriously. We leverage the latest technology and security features to protect your data. We also perform regular audits to continue improving our policies and procedures.
Speach is committed to protecting your privacy. We are GDPR and CCPA compliant.
The Speach application only requires basic information from its users: full name and an email address.
On clients’ Speach platforms, Speach acts as the data processor.
On Speach owned platforms and corporate websites, Speach acts as the data controller. Our privacy notice, available on each platform, describes the data collection scope, the purpose for data collection, the data lifecycle, and other relevant information for data subjects.
Speach has appointed a Data Protection Officer reachable here.
You can consult our corporate website’s privacy notice here.
Where is my data stored?
We store our users’ data in highly secured data centers located in the US and EMEA. Customers can choose where to store their data during the Speach platform provisioning phase.
Speach Chrome extension
The Speach Chrome extension only requires access to capture your screen, your webcam, and microphone. Third-party security specialists regularly audit our Chrome extension during pentesting engagements.
How do we protect your data?
Together we are stronger. This is why at Speach, protecting your data is a team effort!
Our staff is trained and aware of privacy- and security-related risks. Our set of policies gives us the framework for effective information system security management.
You can configure Single Sign-On (SAML) on your Speach platforms, enabling you to provision users, groups, and privileges dynamically. Using SSO with your ID Provider also gives you full control over “Access Management.”
Speach platforms offer different roles with granular privilege management and various visibility restrictions for your content.
Besides that, we implement security principles like need-to-know and least privilege to prevent unauthorized access to your data. Only specific employees can access user data. Access is monitored and tracked. We store access logs for a year.
Data Center Security and Compliance
Speach relies on AWS data centers. AWS holds multiple certifications on security matters: ISO 27001, ISO 27017, ISO 27018, PCI DSS Service Provider Level 1, and SOC 1/2/3. AWS operates in alignment with the Uptime Institute Tier III+ guidelines.
AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and your data. AWS on-site security includes several features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.
Network Management and Security
Our hosting provider maintains an industry-standard, fully redundant and secure network architecture with sufficient bandwidth and redundant network infrastructure to mitigate the impact of individual component failure. Our security team uses industry-standard utilities to defend against common unauthorized network activity, monitors security advisory lists for vulnerabilities, and undertakes regular external vulnerability scans and audits.
Our infrastructure is well-architected using cloud performance and security best practices.
- The Speach application is highly available and scalable
- Storage is redundant
- AWS CloudFront CDN for faster access to your content
- AWS Shield DDoS protection
- AWS Web Application Firewall
- Segregated networks
- Intrusion Detection Systems monitoring
- DevSecOps with integrated DAST/SAST in CI/CD processes
Speach undergoes an annual SOC2 Type II audit. You can request our latest SOC2 report here.
Third-Party Penetration Tests
Each year, in addition to our extensive internal scanning and testing program, Speach employs third-party security experts to perform a comprehensive penetration test on its application and infrastructure.
- Encryption in Transit
Speach platforms only authorize encrypted browsing via SSL/TLS.
- Encryption at Rest
Storage volumes are encrypted at rest using AES-256 encryption with AWS Key Management Service.
We leverage redundant storage technologies to store your data. Additionally, your data is backed up in an encrypted format and stored in a different data center to ease disaster recovery.
Authentication and Credential Storage
When you do not rely on Google or Microsoft for your authentication, Speach follows secure credential storage best practices by never storing passwords in human-readable format (only a secure, salted, one-way hash is stored).