Security

Security that you can rely on.

TalkType is built to meet the security and compliance requirements of modern organisations. Your data is stored in the UK, encrypted at every stage, and never used to train AI models.

Certifications at a glance

Enterprise-grade security

ISO 27001:2022 certified

GDPR and UK GDPR compliant

Your data is never used to train AI models

Compliance

Standards we hold ourselves to.

We follow strict data protection principles, and everything we store is handled in line with GDPR. Our certifications give you a clear, independent measure of how seriously we take information security.

GDPR and UK GDPR - Compliant

All data is processed in line with UK and EU data protection law. Certificate available on request.

ISO 27001:2022 - Certified

The international standard for managing the confidentiality, integrity and availability of information. Certificate available on request.

ISO 9001:2015

Working towards certification. Our quality management system standard.

SOC 2

Working towards certification. Governance and controls.

How we protect your data

Data residency and encryption

TalkType is hosted entirely on Google Cloud, with all customer data stored and processed within the UK and EU.

UK data storage All customer data we store remains within the UK.
System hosting All of our systems are hosted on Google Cloud in the UK.
UK and EU processing All processing takes place within UK and EU environments.
Always encrypted Everything stored within TalkType, including backups, is protected using AES-256 encryption. Anything travelling between your device and our servers is secured using TLS.

Identity and access management

TalkType gives you and your organisation control over who can access the platform and how, with options that suit both individual users and enterprise teams.

SAML SSO Sign in with your work Google account. Available for enterprise customers.
Two-factor authentication 2FA is available on all user accounts.
Role-based access Role-based access controls and approvals for privileged actions.
Least-privilege internal access Our internal access model restricts production access to only those who need it.
Audited admin access Time-bound, audited administrative access for support, where required.

AI and data privacy

We only collect and process the data we need to run TalkType. Access to customer content is tightly restricted, and every instance is logged, so there is a clear, auditable trail at all times.

Never used to train AI No customer data we hold is ever used to train AI models.
Admin control over AI Admin controls let you disable all generative AI features across the product.
Restricted, logged access Access to customer content is limited to those who need it, and every instance is recorded.
Speechmatics TalkType uses Speechmatics, a UK-based speech recognition provider, to power dictation. Audio is processed in real time and is not retained once transcription is complete.

Infrastructure and sub-processors

We work with a small number of sub-processors to deliver TalkType. Each operates within the UK or EU and is engaged only for its specific function.

Google Cloud (UK) Hosting
Speechmatics (UK) Transcription
Stripe (EU) Payments
HubSpot (EU) CRM
Customer.io (EU) Communications
Chameleon (EU) Product engagement
MailSend (EU) Transactional messaging
Want the detail?

Everything in one place

Our Trust Centre brings together our policies, certifications and security documentation, so your IT, security and procurement teams can find what they need quickly.

Visit our Trust Centre
Contact

We'd love to hear from you

Drop your details below and a member of our team will be in touch within 48 hours.