Maemoe is built around a single idea: a recording belongs to the person who took it. This page describes the technical and operational controls we use to keep that idea true. For a plain-English view of what we collect and why, read the Privacy Policy. If you believe you've found a security issue, please report it to support@sansatech.com.
Encryption
- In transit. All connections between the Maemoe app, our servers, and our processors use TLS 1.2 or higher. HTTP Strict Transport Security is enforced on this domain.
- At rest. Audio in flight and transcripts stored on our behalf are encrypted at rest using AES-256 managed by our cloud provider.
- On device. Local copies of your recordings and notes live in iOS app-sandbox storage and inherit Apple's Data Protection. If you enable a device passcode, your data is encrypted until your device is unlocked for the first time after boot.
What happens to a recording
- You tap record. Audio is captured by the Maemoe app.
- When you stop, the audio is uploaded over TLS to our backend.
- Our backend forwards the audio to a contracted AI transcription and summarization provider. Under contract, that provider processes only what's needed to return your notes and never retains the audio beyond a short operational window.
- The provider returns a transcript and the structured outputs (summary, topics, key points, decisions, action items, open questions, full minutes).
- Maemoe discards the raw audio. The transcript and notes are stored in your account, encrypted at rest.
Access controls
- Production systems are behind single sign-on with multi-factor authentication required for every engineer.
- Access to customer data is scoped to the smallest set of engineers who need it, logged, and reviewed.
- Secrets and credentials are stored in a dedicated secret manager, never in code or in CI logs.
- We separate staging and production environments; real customer data is never used for testing.
We do not train on your data
We do not use your recordings, transcripts, or notes to train AI models — ours or anyone else's. Our contracts with transcription and summarization providers explicitly prohibit them from doing so as well. If this ever changes, we will disclose it before the change takes effect, with an opt-out.
Data retention and deletion
- Raw audio: discarded on the backend as soon as transcription completes. Never retained.
- Transcripts and notes: kept until you delete them. Removed from backups within 30 days of deletion.
- Account closure: all personal data is removed within 30 days of you closing your account, except anything we must retain to meet a legal obligation (tax, audit).
Incident response
In the unlikely event of a security incident that affects your personal information, we will notify you and, where required, regulators without undue delay, in line with our obligations under GDPR, CCPA, and applicable breach-notification laws.
Responsible disclosure
If you believe you've found a vulnerability in Maemoe, please email support@sansatech.com with the subject "Security report" and include steps to reproduce. We commit to:
- Acknowledging your report within 2 business days.
- Keeping you informed as we investigate and fix the issue.
- Crediting you publicly once the issue is resolved, if you'd like to be credited.
Please do not test against other users' data, run denial-of-service attacks, or publicly disclose the issue before we have had a chance to fix it.
Compliance posture
We design Maemoe's controls to align with common industry frameworks (SOC 2 control families, the AWS Well-Architected security pillar, and Apple's platform security guidance). Formal attestations will be pursued as the business matures.