We use cookies for essential functionality and, with your consent, analytics. Privacy Policy

Back to Home
Security

Your meetings are
confidential. We keep them that way.

Security isn't a feature we bolted on. It's how we built IceCubes from day one. Every layer of the stack is designed to keep your conversations private and under your control.

AES-256-GCM Encryption
HTTPS Enforced
GDPR Compliant
CCPA Compliant
Default-Deny Security Rules
No AI Training on Your Data

Security at every layer

Compliance

SOC 2

Actively working toward Type II. Enterprise-grade compliance with DPA standards.

ISMS

ISO 27001

Building toward ISO 27001 certification. Information security management aligned with international standards.

Healthcare

HIPAA

Working toward HIPAA compliance. Architecture designed with healthcare data protection requirements in mind.

Encryption

End-to-End Encryption

AES-256 at rest, TLS 1.3 in transit. Your data is protected at every step.

AI Privacy

Zero AI Data Retention

Your data never trains models and nothing gets stored after processing. Your conversations stay yours.

RBAC

Access Controls

Granular, role-based permissions ensure only the right people see what they need.

Audit Trail

Full Traceability

Complete audit trail with every transformation logged. Click any output to trace its source.

GDPR / CCPA

Data Ownership

You decide what happens with your data. We're just the processing layer.

Under the hood

The technical details behind how we protect your data across infrastructure, authentication, APIs, and the browser extension.

Infrastructure

  • HTTPS enforced at the edge on all connections
  • Google Cloud infrastructure for authentication and storage
  • Automatic scaling with health checks every 15 seconds
  • US-East primary region with global edge distribution

Authentication

  • Short-lived tokens with 1-hour TTL, refreshed every 45 minutes
  • Server-side token verification on every API endpoint
  • Google OAuth 2.0 with minimal calendar-only scopes
  • No long-lived secrets stored on client devices

API Security

  • Strict CORS origin whitelisting for icecubes.app and verified extensions
  • Per-user rate limiting on all endpoints
  • Security headers: X-Content-Type-Options, X-Frame-Options, Permissions-Policy
  • Bearer token authentication with automatic 401 retry

Extension Security

  • Isolated content script world with no access to page JavaScript
  • Host permissions limited to supported meeting platforms only
  • Tokens stored with OS-level encryption
  • Transcripts sent only to your IceCubes account, nowhere else

How your data flows

We believe you should know exactly what happens to your meeting data at each step.

01

Capture

Transcripts are captured locally in your browser or phone. Mobile audio stays on-device until you choose to upload.

02

Transit

All data travels over TLS 1.3. Every API request is authenticated with short-lived tokens verified server-side.

03

Storage

Encrypted at rest with AES-256 on Google Cloud. Access is controlled by default-deny security rules.

04

AI Processing

Summaries and insights are generated on-demand. Your content is never stored by AI providers or used for training.

Your data, your rules

You own your meeting data. We give you the tools to control access, retention, and deletion.

Export anytime

Download your transcripts, summaries, and insights whenever you want, in standard formats.

Delete everything

One-click account deletion wipes all your data: meetings, recordings, contacts, calendar connections, and org ties. Full GDPR and CCPA compliance.

Control sharing

Revoke shared links, remove participants, and manage who in your organization can see what. All from your dashboard.

Questions about security?

We're happy to walk you through our security practices. Reach out anytime.

Contact Security TeamPrivacy Policy