Driffle handles sensitive context — calendars, messages, transcripts, browsing. We think you deserve a plain-English account of what we store, what we don’t, and the limits of where we are today. No certification badges we haven’t earned, no buzzwords. If something below doesn’t add up, tell us.

security@driffle.ai. We respond within 1 business day and credit researchers in our changelog when fixes ship.Skim these. If they answer your question, you can stop here. Everything below is the long version.
Driffle never auto-joins meetings, auto-records, or runs in the background. You hit a button, it works. You close it, it stops.
Audio is transcribed in real time and discarded. We retain the resulting text and the notes you write — not the raw recording.
Our transcription and model vendors (OpenAI, Anthropic, Deepgram) are contractually blocked from training on your content.
We may train internal models on anonymised, aggregated data to improve quality. There’s a single toggle in Settings to turn that off. Workspace plans default to off.
Your notes are visible only to you until you explicitly share. Workspace admins do not see private notes — only what’s shared into shared folders.
Individual notes are removed immediately. Full-account deletion clears your data within 30 days, including backups. We’ll show you the receipt.
The single most-asked question we get: “Wait, do you actually keep the audio?” No. Here’s the whole pipeline, with retention windows in the bottom corner of each card.
Notes, transcripts, and account metadata are stored in our US-region AWS Virtual Private Cloud. They are encrypted at rest using AES-256 and in transit using TLS 1.2+. Daily snapshots are retained for 30 days and encrypted with the same keys.
Access to production systems is limited to a small number of engineers, requires hardware MFA, and is logged. We use separate environments for development, staging, and production, with no customer data outside production.
For desktop, transcription happens locally on macOS and Windows where the hardware supports it; otherwise it’s streamed to our transcription vendor and returned as text. Either way, the final transcript and your notes round-trip to our cloud so they sync across devices.
If you need a strictly on-device deployment, ask us about workspace plans — we’re working on an offline-only mode for regulated industries.
We maintain a public Vulnerability Disclosure Policy. Reports go to security@driffle.ai with optional PGP. We aim to acknowledge within 1 business day, triage within 3 days, and patch critical issues within 7. Post-mortems for resolved vulnerabilities are published openly — we believe you should be able to read about our mistakes.
Yes. We engage an independent third-party firm for an annual application and infrastructure pentest. The most recent test was completed in February 2026. We don’t publish the full report, but a summary letter is available under NDA.
Honest answer: no, not yet. Here’s where we are today:
We’ll update this page the moment any of that changes — not in a launch announcement, not in a footer badge, here.
Yes, on workspace plans. We support SAML 2.0 with any IdP that speaks it (Okta, Google Workspace, Azure AD, OneLogin, JumpCloud). SCIM provisioning is in beta. Workspace plans also get just-in-time deprovisioning when a user leaves your IdP.
All customer data is stored in AWS regions in the United States (us-east-1 primary, us-west-2 for failover). EU residency is on the roadmap for late 2026 but is not available today. If EU residency is a hard requirement, please tell us before signing up so we can be straight with you about timing.
Account deletion is immediate from your perspective — notes vanish, links break, the workspace closes. Behind the scenes, your data is purged from primary storage within 24 hours and from encrypted backups within 30 days. We’ll send you a written confirmation when the backup window closes.
Yes. Settings → Export generates a ZIP containing every note as Markdown, every transcript as plain text, and a JSON manifest of metadata. Exports are produced asynchronously and emailed to you when ready, usually within minutes.
We keep your notes and transcripts for as long as your account is active. Audit logs are retained for 12 months. Anonymised, aggregated usage telemetry is kept for 24 months. Raw audio (when it briefly exists in transit during cloud transcription) is dropped within 60 seconds.
We request the narrowest scopes we can: read-only calendar (to know what meeting you’re in), profile (to know your name), and email (to identify you). We do not read your inbox and we do not write to your calendar. Tokens are encrypted at rest and revocable from your account dashboard or directly from Google / Microsoft.
We may train internal models on anonymised, aggregated content to improve summary quality and feature ranking. You can disable this in Settings → Privacy → Training. Workspace plans have training disabled by default; individuals opt-in implicitly and can opt out at any time.
When you turn training off, we drop your future content from our training pipeline immediately. Content that has already contributed to a trained model cannot be retroactively removed from that model — this is a limitation of the technology, not an exception we want to hide.
No. We use OpenAI, Anthropic, Deepgram, and AssemblyAI under zero-retention or short-retention agreements that explicitly prohibit model training on customer prompts. Vendors are listed in our subprocessor registry, which we update before adding any new vendor.
On workspace plans, yes. You can point Driffle at your own OpenAI, Anthropic, or Azure OpenAI deployment and we’ll route all model calls through your tenant. We never see the prompts or responses in that mode.
Transcription: Deepgram Nova-3 by default, AssemblyAI as fallback. Summarisation and chat: Anthropic Claude Sonnet 4.5 by default. Embeddings: an in-house model running on our infrastructure. The active model for each request is logged and visible in the meeting’s metadata pane.
You can edit or delete any AI-generated note, attribution, or summary. We don’t use AI output for any consequential decision about you (no scoring, no ranking, no eligibility). If you find a consistent error pattern, please write to help@driffle.ai.
By default, only you. Notes become visible to other people only when you explicitly share them — via a share link, a folder permission, or a workspace channel. A small number of Driffle engineers can technically access production data for incident response; all such access is logged and reviewed.
No. Workspace admins see usage reports, billing, and any content explicitly shared into workspace folders. They do not see your personal folder, your private meetings, or your draft notes. We have considered “admin override” modes and chosen not to ship one.
We don’t store passwords — authentication is done via Google, Microsoft, or your SAML IdP. Sessions are signed JWTs scoped to a single device, valid for 14 days, and revocable from Settings → Devices. Idle sessions are forced to re-auth on workspace plans per your admin’s policy.
Not yet. Some features (transcription, notes) require an account because they sync across devices. We’re exploring a local-only mode that keeps everything on-device and requires no signup — no firm date.
Yes. Our standard DPA covers GDPR Article 28 controller-processor terms and Standard Contractual Clauses for EU-to-US transfer. We can sign as-is or work through reasonable redlines. Request a copy from dpa@driffle.ai.
We offer a private-tenant deployment in AWS for workspaces of 200+ seats. Your data lives in an isolated VPC under our operational control, with a separate KMS key tree. A true self-hosted (customer-operated) build is on the roadmap but not available today.
Workspace admins can export an audit log of authentication events, share-link creation, permission changes, and export actions. Logs are available via the dashboard or as a SIEM-friendly JSON stream. Retention is 12 months by default; longer on request.
AWS (hosting), Anthropic (LLM), OpenAI (LLM, fallback), Deepgram (transcription), AssemblyAI (transcription, fallback), Stripe (billing), Stytch (auth), Linear (issue tracking, no customer data), Sentry (error reporting with PII redaction), Resend (email). Email trust@driffle.ai to subscribe to subprocessor change notifications.