Security

Api.audio relies on a hierarchical data model which makes it easy for you to administer content and keep workloads low while making sure your user data and/or your users’ data is safe. The latter is important as most musical assets are subject to licensing and voice data (as well as a voice model imitating this voice) are usually considered personal identifiable information.

Where is my data stored, and is it secure?

Yes, your data is secure, and is always stored by you.
When any content is created with Api.Audio the backend proxies the request to the database, and is applying the credentials server-side. Only you will be able to access the data you create or handover. In the case you let your products' user create or upload audio to Api.Audio, we offer special tools and restrictions that keep their data safe and private.

What do you do to keep Api.Audio secure?

Security affects everything we do at Api.Audio. Here a couple of thing we pay attention to:

  • Force HTTPS on all connections, so data in-transit is encrypted with TLS.

  • Encrypt all database data at-rest with AES-256.

  • Host all servers in the EU (Dublin), in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Our data centers have round-the-clock security, fully redundant power systems, two-factor authentication and physical audit logs.

  • Besides ISO27001 and SOC1 and SOC2, our infrastructure also follows HIPAA, PCI, DSS & cloud security alliance frameworks.

  • Regularly conduct external penetration tests from third-party vendors (reports available for enterprise customers).

  • Regularly conduct security awareness training sessions with all employees.

  • Maintain detailed audit logs of all internal systems.

  • Have a bug bounty program, in order to work with security researchers when they identify potential security vulnerabilities. We respond to all reports within 24 hours from submission. You can email us at [email protected] with any security concerns.

What sort of data does Api.Audio store?

  • We store metadata about your API calls; you content is encrypted and you own your content.
  • We store some data about what your users are listening to, if you use our connectors.