Security for your team
Supernormal takes notes on your meetings then completes your work for you. Here is exactly how we protect your data, in plain language.
Your data, your control
Your data is yours
How your data flows
Take notes
Audio from the meetings you choose to take notes on.
In transit
Encrypted with TLS 1.2+ the moment it leaves your device.
Process
Transcribed and summarized inside SOC 2 infrastructure.
At rest
Stored with AES-256 encryption, private to your account.
Your control
Share, export, or delete it whenever you want.
Integrations and connectors
You control all data sources
Meetings and audio
Takes notes only on the meetings you choose to capture.
Nothing is noted until you choose to start.
Calendar
Reads your schedule to understand attendees and meeting naming.
It never creates or edits events without your approval.
Drafts follow-ups and shares recaps when you ask it to.
It only reads threads tied to a meeting, and never sends without checking with you first.
Documents
Reads docs from Drive, Notion, and linked sources, so agents have necessary context.
Files are read in the moment and not stored beyond what is needed.
Connected tools
Sends action items and recaps into Slack, Linear, and more.
Every integration is optional and can be disconnected any time.
Built on solid ground
Enterprise-grade security, end to end
Encryption
TLS 1.2+ in transit and AES-256 at rest, protecting your data across its full lifecycle.
Access and permissions
Least-privilege, role-based access so people and systems see only what they need.
Incident response
A defined incident response plan with monitoring and rapid escalation when it matters.
Secure development
Security built into the development lifecycle, with code review and testing before release.
Corporate security
Internal traffic over TLS, a central identity provider with 2FA, and annual staff security training.
Vulnerability management
Regular third-party penetration testing and continuous vulnerability monitoring.
Certifications and frameworks
Independently verified, ready for review
SOC 2
Audited annually by an independent third party against the security, availability, and confidentiality criteria. Report available under NDA.
HIPAA
Supernormal supports HIPAA compliance and will sign a Business Associate Agreement for teams handling protected health information.
GDPR Compliant
Built for EU data rights, including access, portability, and erasure. A Data Processing Agreement is available for every customer.
For your security review
Questions decision-makers ask
Is my data used to train AI models?
Who can see my meeting notes?
Where is my data stored?
How long do you keep my data?
Do you support single sign-on?
Can I get your SOC 2 report and a DPA?
How do I report a security vulnerability?
Full transparency
Every sub-processor we use, kept current
See the full, up-to-date list of third parties that may process data on our behalf, what each one does, and where. Every sub-processor operates under a strict data-processing agreement.
Report a vulnerability
Found a security issue? We run a responsible disclosure program and respond to every report.
Safe harbor for good-faith research
Rewards for valid findings rated CVSS 4 or higher
Request documentation
SOC 2 report, DPA, BAA, and our latest penetration test summary, available under NDA.
Sent under NDA
Reviewed by your account team