SECURITY
Security & Compliance
TranscriptED is built around the principle that HR data demands the highest standard of protection. Every architectural decision — from data residency to access control — has been made with UK employment law, GDPR, and education-sector best practice in mind.
Data residency
Audio files are processed within the EU. Transcripts and all associated metadata are stored exclusively in the UK. No data leaves these jurisdictions at any point during the processing pipeline. This architecture ensures full compliance with UK GDPR data residency requirements.
Encryption
All data is encrypted at rest using AES-256. Data in transit is protected with TLS 1.2 or higher. Encryption keys are managed through a dedicated key management service with automatic rotation policies.
Access control
TranscriptED enforces role-based access control scoped to each organisation. Authentication is handled via JWT tokens with short-lived sessions. Users can only access meetings and records that belong to their own organisation, and administrative actions are restricted to designated roles.
Audit trail
Every action in the system — from login to export — is logged with a timestamp, user identity, and action type. Audit logs are immutable and available to organisation administrators on request, providing full traceability for compliance reviews and tribunal proceedings.
Subprocessors
TranscriptED uses a small number of carefully selected subprocessors, each bound by Data Processing Agreements:
- ElevenLabs — Transcription (EU processing)
- Anthropic — Summarisation (EU processing)
- Google Cloud Platform — Hosting (UK region)
Full subprocessor details are available on request as part of our DPA documentation.
Data Processing Agreement
A comprehensive DPA is available on request for any organisation evaluating or using TranscriptED. To request a copy, contact us at dpa@transcripted.co.uk.