Security & Trust

How we protect your voice and your data · Updated July 2026

The short version: Your data is encrypted at rest with keys we don't even hold ourselves — they live in AWS's key-management service. Your voice recordings are never stored. You can export or delete everything at any time. We don't sell your data, ever.

Encryption

Encrypted at rest — with keys we can't leak

Everything sensitive — your email, transcriptions, saved snippets, and vocabulary — is encrypted in our database using AES-256-GCM, an authenticated encryption standard used by governments and banks.

The part that matters most: the master key never lives on our servers or in our database. It's held in AWS Key Management Service (KMS), a hardware-backed vault. Our application asks KMS to unlock a working key at startup and never sees the master key itself. That means even in the worst case — someone getting a copy of our database — the data stays encrypted and unreadable without AWS KMS.

In transit, every connection is protected with TLS (HTTPS) — every API call, every transcription, every response.

Your voice

Zero audio storage

Your voice recordings are never saved — not on our servers, not in our database. Audio is held in memory only long enough to transcribe it, then immediately discarded. We keep the resulting text (encrypted), never the sound of your voice.

Your rights

Built for GDPR

reiwrite is built with GDPR in mind. Concretely, that means you control your data:

  • Export everything — download all your data in one request.
  • Delete your account anytime — a full erasure that removes every record we hold about you, whether you signed up with a password or with Google.
  • Opt-in, not opt-out — the optional feature that learns from your writing to improve results is off by default. It only ever runs if you turn it on, and you can turn it off whenever you want.
  • We never sell your data — to anyone, for any reason.

Transparency

Who processes your data

We rely on a small set of trusted providers to run the service. Each only receives what it needs for its specific job:

Amazon Web Services (AWS)

Cloud hosting and encryption key management (AWS KMS). Region: Asia Pacific (Mumbai).

OpenAI

Speech-to-text transcription and AI text refinement. Audio and text are sent for processing and returned; we store only the resulting text.

MongoDB Atlas

Encrypted database for your account and transcription history (AWS-hosted infrastructure).

Razorpay

Payment processing for credit purchases. We never see or store your card details.

Microsoft

Optional email integration — only if you connect a mailbox.

Accounts & access

Protecting your account

  • Passwords are stored as bcrypt hashes — we never store or can read your actual password.
  • On the desktop app, your login token is encrypted by your operating system's secure keychain (Windows DPAPI).
  • You can sign out of all devices instantly — sessions are revoked on the spot, not left to expire.
  • Login attempts are rate-limited and locked after repeated failures to stop brute-force guessing.

Contact

Report a security concern

Found something, or have a question about how we handle data? Email security@reiwrite.com. For the full legal detail, see our Privacy Policy.