Trust Center

Security & compliance, in specifics.

This page is written for security reviewers, compliance officers, DPA teams, and legal counsel. It states exactly what data Osora processes, where it lives, how secrets and personal data are handled, and who our sub-processors are. For the countersigned legal instruments, see the DPA, Privacy Policy, and Terms.

Last reviewed: July 2026

Hosting region

United States (AWS us-east-1)

Encryption

TLS 1.2+ in transit · AES-256 at rest

Model training

Anthropic & OpenAI don't train on API inputs

Certification

SOC 2 Type I in progress · GDPR & CCPA aligned

What data Osora processes

Osora is a processor acting on documented customer instructions. Three classes of data flow through the service:

Recording media

Screen video, microphone audio, and periodic vision-frame snapshots captured while a user records a session.

Resides in: Vercel Blob (US), served only through an ownership-gated proxy

Derived company memory

The compiled process, transcript, extracted entities and facts, and their embeddings — what makes memory searchable.

Resides in: Neon Postgres (US-East)

Integration signals

Text pulled from connected tools (e.g. Gmail, Calendar) when a customer enables them — redacted of secrets and PII before storage.

Resides in: Neon Postgres (US-East)

How secrets & personal data are handled

Capture is the most sensitive surface in the product, so redaction is layered — at the endpoint and again on the server — and designed to fail closed. We are candid about the edges: content spoken aloud or shown on screen is processed under the controls below, and residual risk (for example, a secret displayed as static text) is documented rather than hidden.

On-device redaction before upload

In the browser extension, known secrets (API keys, tokens, JWTs) and structured PII (emails, phone numbers, SSNs, card numbers, ID patterns) are detected and redacted at the moment of capture — before any bytes leave the endpoint.

Sensitive-field video curtain

When a high-risk field (password, payment, or government-ID) is focused, the recorded screen is curtained and vision-frame sampling is suspended — on every recorder path — so credentials never enter the video in the first place.

Screenshot masking, fail-closed

Sensitive regions in action screenshots are painted over in the browser before upload. If a mask cannot be rendered, the screenshot is dropped rather than sent.

Server-side defense-in-depth

Transcripts and integration text are scrubbed of secrets and PII again on the server before they are persisted, full-text indexed, embedded, or sent to any AI provider — so redaction does not depend on the client alone.

Consent & a visible recording signal

Recording requires explicit consent, which is logged. A recording indicator is burned into the video itself, so the signal survives even on pages where an on-screen badge cannot be shown.

Tenant-scoped access

Every record is scoped to its organization. Recordings, memory graph, and skills are isolated per tenant and never commingled; media is reachable only via an ownership- or share-token-checked route.

Sub-processors

Each sub-processor is engaged under a data-processing agreement. We give advance notice of new sub-processors and an opportunity to object. Enterprise customers may use Bring-Your-Own-Key (BYOK) to keep AI processing within their own provider account.

Sub-processorPurposeDataRegionTraining
NeonPrimary application databaseAccount data, compiled processes, company memory, derived text + embeddingsUS — AWS us-east-1
VercelApplication hosting & blob storageRecording media (screen video, audio, vision frames), screenshotsUS
ClerkAuthentication & user identityLogin identifiers, session tokensUS
AnthropicAI processing (default model provider)Transcripts, vision frames, and event text for process/entity extractionUSDoes not train on API inputs
OpenAIText embeddings for memory searchRedacted transcript, entity, and integration textUSDoes not train on API inputs
DeepgramSpeech-to-text transcriptionRecorded / meeting audioUS
RailwayMeeting-bot worker infrastructureMeeting audio and vision frames during a live bot sessionUS
SentryError monitoringApplication error traces (no recording content)EU
ResendTransactional emailEmail address, notification contentUS

Data residency & international transfers

The service is hosted in the United States (US-East): application compute and the primary database (Neon, AWS us-east-1) are co-located there. Where personal data is transferred from the EEA, UK, or Switzerland, the transfer relies on the European Commission's Standard Contractual Clauses (with the UK and Swiss addenda as applicable). In-region residency for the EU is available to Enterprise customers on request.

Encryption & access control

Retention, export & data-subject rights

Customers set a retention window per organization; when set, sessions and their media blobs are hard-deleted after the window elapses. On request, Osora assists with access, rectification, erasure, and portability. Account deletion removes stored data and its underlying media blobs. On termination, personal data is deleted or returned (default: deletion within 30 days), subject to legal retention requirements. To exercise a right or request a countersigned DPA, email richie@getnolea.com.

Contact

Security questions, a vulnerability report, or a completed questionnaire request: richie@getnolea.com. For the marketing overview of our trust posture, see the Security page.

This Trust Center describes controls in effect as of the review date above and is provided for informational purposes; it does not modify any agreement between Osora and its customers. Where this page and an executed agreement differ, the executed agreement governs.