Your data is protected
Security is not an afterthought. It is built into every layer of ReadyCheck, from infrastructure to application code.
Security measures
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 via our infrastructure providers (Supabase and Vercel). Meeting content, transcripts, and personal information are protected at every stage.
Infrastructure
ReadyCheck runs on Supabase (SOC 2 Type II certified) and Vercel, both of which provide secure, redundant infrastructure with monitoring and uptime guarantees.
Access Controls
Row-level security (RLS) at the database level ensures users only access data within their organization. We follow the principle of least privilege for production access.
Authentication
We support secure authentication via magic links, email and password (hashed by Supabase using bcrypt), and OAuth with Google.
Data Isolation
Each organization's data is logically isolated using tenant-based RLS policies. Cross-tenant access is architecturally impossible at the database level.
Incident Response
We will notify affected customers within 72 hours of discovering any data breach. As we grow, we are formalizing our incident response processes.
Consent-first recording
Meeting transcription is entirely opt-in. Recording only begins when every participant in the meeting has explicitly granted consent.
Consent records are stored and auditable. Any participant can revoke consent at any time, which immediately stops transcription for the meeting.
Transcripts are processed using enterprise-grade speech recognition with strict data handling agreements. Audio is not retained after processing, and transcripts are stored with the same encryption as all other meeting data.
Security practices
Secure Development
We follow OWASP best practices for web application security, keep dependencies updated, and use parameterized queries and input validation throughout the codebase.
Vendor Selection
We use established, security-focused vendors: Supabase (SOC 2 Type II) for database and auth, Vercel for hosting, Anthropic for AI, and Deepgram for transcription.
Dependency Management
We regularly update dependencies and review security advisories. Our infrastructure providers handle OS-level patching and vulnerability management.
Access Controls
Production database access is restricted to service role keys used only in server-side code. We use environment variables for all secrets and credentials.
How we handle AI data
ReadyCheck uses AI to generate personalized prep prompts, compile agendas, and create meeting summaries. Here is how we handle your data during AI processing:
Data minimization
We only send the minimum necessary context to AI models. Full meeting transcripts are processed in isolated requests.
No model training
Your data is never used to train AI models. We use API agreements that explicitly prohibit training on customer data.
Ephemeral processing
AI providers do not retain your data after processing. Requests are processed and immediately discarded.
Enterprise providers
We use enterprise-tier AI services with SOC 2 compliance and contractual security guarantees.
Report a vulnerability
We appreciate the security research community. If you discover a vulnerability in ReadyCheck, please report it responsibly.
Email security issues to:
security@readycheck.space