Security Policy

Discover how PodcastAI prioritizes and upholds a company culture that deeply respects information security and data privacy.

Written by Sean Duncombe
Updated over a week ago

At PodcastAI, we recognize that safeguarding both company and client information is a shared responsibility amongst all our employees and contractors. Our smaller size is an advantage, enabling us to quickly communicate, implement, and train on new information, policy modifications, emerging external threats, and new tools.

Physical Security Standards

Our servers are hosted on Digital Ocean, whose data centers provide physical access controls and environmental controls for the hardware that holds our data. Any environment in which customer data may be transmitted or stored is assessed and tested against our security standards before it is used.

Data Encryption

We encrypt all sensitive or confidential information, including PHI and PCI cardholder data, both at rest and in transit over electronic communication networks. Without the corresponding keys, encrypted data is unreadable and unusable to anyone who obtains it without authorization.

Data Privacy

We only collect and process information as provided to us by our customers, who are the owners of their data. Our privacy policy, available on our main website, details our information management practices, the types of information we collect, and how we use this information.

Data Security

We deploy hardened systems, secured environments, and role-based access control to protect customer data from unauthorized access. All access to our systems is closely controlled: accounts require two-factor authentication, and data is protected with strong, current encryption algorithms.

Application Security

Our application servers sit behind firewalls that expose only the ports each service needs. Passwords are encrypted in transit and stored only as hashes, never in plaintext. We maintain vulnerability and patch management across our internal network, and we scan our code for vulnerabilities before each production release.
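As an added illustration of the password-storage point above (example code, not PodcastAI's own implementation), the block below contrasts the weak pattern a practitioner should reject, a single fast unsalted hash, with a hardened one: a random per-user salt and a memory-hard key-derivation function, verified with a constant-time comparison. It assumes scrypt from the Python standard library, a self-describing record format `scrypt$N$r$p$salt$key`, and the work factors shown; all of these are choices made for this example, not details the page states about PodcastAI's systems.

```python
"""Password storage: fast unsalted hash (what not to do) vs. salted scrypt.

Added example; not PodcastAI's code. The record format and scrypt work
factors below are assumptions chosen for this illustration.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factors: 128 * r * N bytes, about 16 MiB per hash.
# Raise SCRYPT_N as hardware allows; records carry their own parameters.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
KEY_BYTES = 32


def fast_unsalted_hash(password: str) -> str:
    """The weak pattern: one fast, unsalted SHA-256 of the password.

    Identical passwords give identical digests, so a leaked table can be
    matched against precomputed lookups, every user sharing a password
    falls at once, and SHA-256 is cheap enough to brute-force at scale.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened pattern: random per-user salt plus memory-hard scrypt.

    The returned record embeds the scheme, parameters and salt so that
    work factors can be raised later without invalidating old records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    return "$".join([
        "scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/parameters and compare in constant time.

    Malformed, truncated or unknown records fail closed (return False)
    rather than raising, so a corrupted row can never grant a login.
    """
    try:
        scheme, n, r, p, salt_b64, key_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        # Reject degenerate records (empty salt or implausibly short key).
        if not salt or len(expected) < 16:
            return False
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except (ValueError, TypeError):
        return False
    # hmac.compare_digest avoids leaking the match position via timing.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample input
    print("unsalted sha256 (same every time):", fast_unsalted_hash(pw))
    rec = hash_password(pw)
    print("scrypt record (unique per call):  ", rec)
    print("verify correct:", verify_password(pw, rec))
    print("verify wrong:  ", verify_password(pw.upper(), rec))
```

The two design points worth copying are the self-describing record, which lets you migrate users to stronger parameters on their next login, and the fail-closed verifier, which treats any record it cannot parse as a failed login instead of an exception.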

Incident Response, Disaster Recovery & Business Continuity

We have clearly defined incident response and disaster recovery policies and perform daily backups. In the event of any unauthorized access detected through our monitoring tools, PodcastAI staff will:

  • Activate the Incident Response Plan and assemble response team members

  • Immediately reset all relevant passwords and revoke relevant keys, if applicable to the situation

  • Notify PodcastAI's Engineering, Product, and Customer Success teams

  • Notify affected customers (if impacted) about the intrusion and if/how their data was compromised, providing timely updates on progress

  • Conduct an assessment to identify the source of the breach and attain necessary third-party assistance with forensics if required

  • Define system or process improvement tasks to avoid future incidents

  • Communicate to affected customers (if impacted) about the improvement plan and update them as improvements are deployed

We also maintain a business continuity plan that is tested and revised as necessary and at least annually.

Security, Privacy & Compliance

We provide ongoing training for our employees on all information security policies and practices and enforce disciplinary measures for violations of our policies and procedures. Our team follows a defined onboarding and off-boarding process: access is granted through role-based access control, with each role holding only the least privilege its job function requires, and is revoked when that function ends.

We maintain HIPAA and PCI compliance, which means meeting their requirements throughout the year through a series of checks and obligations, with independent audits for verification.

Contact

If you have questions or comments regarding PodcastAI's Information Security initiative, please contact us using the messenger app.
