How does Versational keep user information/data safe?

Modified: Jul 14, 2023

Data security and storage

Versational has a robust Security policy to secure user data and the product infrastructure from malicious attacks. Below are responses to some common security-related questions.
1. Where is your data stored and how safe is it?
  • The Versational solution is deployed in Amazon Web Services (AWS) cloud. There are no endpoints exposed outside of the AWS cloud environment.
  • Our production and staging environments are in a Virtual Private Cloud and our database is hosted in AWS RDS.
  • AWS supports 89 security standards and compliance certifications including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, NIST 800-171, SOC 2 Type II and ISO 27001 more than any other cloud provider, our solutions are hosted in one of the most secure environments among all public cloud service provider.
2. Can your data be stored in your own private cloud or data center?
  • Yes. This is currently available for enterprise customers only.
  • We understand that your meeting data is mission-critical and some conversations can be highly confidential. We've designed our infrastructure to be completely deployable in your own organisation's cloud or data center.
  • This does not include the few third party services that Versational uses.
  • You can request a copy of the high-level architecture diagram. Please email or contact us.
3. Can the Versational internal team access your data?
  • Versational employees do not have access to production customer recording data by default.
  • Usually access to meeting data is not required even for support purposes.
  • However, if during a support request, access to meeting data is deemed essential, then permission is requested from the user with justifiction for why meeting data is required.
  • We apply the principle of least privilege in our access controls mechanism to sensitive data. Access to sensitive data is based on a need-to-know basis and is strictly monitored and audited.
4. Is it possible to delete or remove any data?
  • You can delete your meetings from the Versational app. See Single or Batch deletion of recordings.
  • Deleted meeting recordings cannot be recovered. They are permanently removed from the database.
5. What calendar data do you access when you integrate with Google or Microsoft Outlook calendars?
  • We use OAuth 2.0 to authenticate with Google or Microsoft to integrate your calendar with Versational.
  • Versational accesses your calendar data like Meeting title, which is used as the title of the meeting recording.
6. What data do you collect from our calls to improve your analysis and insights accuracy?
  • It is restricted to only data related to the meeting and nothing else.
  • We keep track of your edits to the AI-Gems and questions you are asking AI-Ally to improve personalisation of suggested questions.
  • Your edits and questions are fed back to our Machine Learning pipeline to improve the AI-Gems models and our AI-Ally Q&A bot to increase their accuracy and provide you a better experience and personalised question suggestions.

Compliance and Security

SOC 2 Type II and GDPR Compliance

1. What is SOC 2 compliance?
  • The American Institute of Certified Public Accountants' SOC 2 is an auditing process that ensures a company securely manages data and protects the privacy of its clients.
  • It defines criteria for handling customer data based on five trust service principles, which are security, processing integrity, availability, confidentiality, and privacy.
2. What is GDPR compliance?
  • Similarly, we are General Data Protection Regulation (GDPR) compliant. GDPR is the world's most widespread privacy and security law and includes guidelines for collecting, processing, and storing the personal information of individuals inside the European Economic Area.
In accordance with our uncompromising stance toward the security and confidentiality of your data, we are hosted on Amazon AWS who are SOC 2 Type II and GDPR compliant. This means our organization has the infrastructure, tools, and processes to protect customer data from unauthorized access both from within and outside the firm.
For details on Versational security policy, please email or contact us.

Versational Product and Feature Design for Privacy and Security

Versational Architecture

  • Versational is deployed on AWS and utilizes services that use industry-grade security standards.

User Settings

  • Versational platform uses the privacy-by-design approach. Therefore, a meeting recording is owned by the user who uploads or records the meeting.
  • When the user shares the recording, internally or externally, the recording ownership remains with the user who shares the recording. Recipients of the share cannot edit or re-share the recording.
  • That owner of the recording can revoke a share from a particular user at any time.

Privacy Settings

  • Versational platform provides the ability for individual users to control who can view their meeting insights and analysis.
  • Recording owners can share recording internally to specific team members or externally to specific users who are not within the team.
  • Non-Versational users will only be presented with the guest view which contains a small subset of the complete analysis of the recording.  

Vulnerability Management


AWS CloudWatch is used for monitoring the complete solution stack in Production. Since we use AWS services for the key components of the system, such as AWS Fargate, ECS, ECR, RDS, ELB, these services export status data to CloudWatch. Sentry is used for real-time performance and issue monitoring setup for the ML models. Issues that are encountered are notified via emails to a specified email address.

Backup and Recovery

The entire application stack is backed up daily by AWS backup and recovery services. Backups are stored for 7 days and are then discarded.