Your Privacy, Our Priority
At Comulytic, protecting user data and safeguarding privacy are foundational principles of our product design. We apply rigorous technical and organizational measures to ensure that your recordings, transcripts, and related information remain secure at every stage of processing.


CCPA, GDPR & ISO Compliance
Comulytic complies with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), ensuring that personal data is processed lawfully, transparently, and with respect for user privacy. In addition, our internal processes and security controls are aligned with internationally recognized standards, including ISO 9001 for quality management and ISO/IEC 27001 for information security management.
As part of our ongoing commitment to data protection and operational excellence, we continuously review and enhance how customer data is collected, managed, and secured to meet evolving regulatory requirements and security best practices.
Product & Hardware Compliance
Comulytic hardware products are designed and tested in accordance with applicable product safety, security, and regulatory requirements across key global markets. Our devices follow the relevant technical standards and conformity obligations for the regions in which they are distributed, including:
- United States - FCC electromagnetic compatibility and wireless compliance
- Canada - ISED radio and electronic equipment compliance
- United Kingdom - UKCA marking and PSTI Statement of Compliance
- European Union - CE marking and EU Declaration of Conformity
- Australia / New Zealand - RCM safety and radio communications compliance
- Japan - TELEC / MIC wireless and technical standards conformity
Comulytic maintains supporting technical documentation and conformity records for eligible products and markets to demonstrate alignment with applicable regional regulatory requirements.


AI Processing & Data Usage
Comulytic leverages advanced AI services to deliver transcription, summaries, and insights. Audio data is transmitted securely to these AI providers solely for the purpose of delivering requested functionality. User data is never used to train AI models, nor shared for advertising or profiling purposes.
Data Center Compliance
Comulytic operates in Amazon Web Services (AWS) data centers in the USA. AWS offers a comprehensive suite of compliance and regulatory certifications, including SOC 1-3 and ISO/IEC 27001. For more details, refer to AWS's official compliance and security documentation.



Data Security
All connections to the Comulytic platform are secured using industry-standard SSL/TLS encryption. Insecure HTTP requests are automatically redirected to HTTPS, and support for modern TLS 1.3 is enabled to maintain a high level of protection during data transmission.
Customer data is encrypted both while being transmitted and when stored. Audio recordings saved on user devices are protected with AES-256 encryption at the local level, ensuring strong security even before any data leaves the device. Encryption keys are centrally managed in the cloud and protected by strict access control policies.
Cloud infrastructure is hosted on Amazon Web Services (AWS) and utilizes managed services such as Amazon OpenSearch Service and MySQL for reliable data storage and retrieval. All sensitive data stored in the cloud is encrypted at rest using AES-256 and transmitted over TLS 1.2 or TLS 1.3, in alignment with AWS security best practices.
Comulytic continuously applies recognized security standards and cloud-native safeguards to preserve the confidentiality, integrity, and availability of customer data across our systems.
Security Safeguards
To ensure a high standard of protection, Comulytic implements a multi-layered security approach across both its server infrastructure and applications.
Server-Side Security Measures
Our server environment is protected through multiple safeguards, including:
- Advanced firewall protections combined with continuous threat monitoring
- Automated mechanisms to detect and prevent abusive or bot-driven activity
- Routine security assessments and system audits to identify and address potential vulnerabilities
Application-Level Security Measures
Comulytic also incorporates strong security controls within its applications, including:
- Automatic account suspension triggered after a defined number of failed login attempts
- App-level access protection using the device's native security features, such as Face ID, Touch ID, or screen passcodes
- Content-level protection through Contact Profile Locks, secured by the device's Face ID, Touch ID, or screen passcodes


User Rights & Transparency
Processed recordings and notes are stored securely in the cloud, for user access and management, only when users enable the Cloud Backup feature. Otherwise, recordings are stored securely in the mobile App or on the device, and notes are stored securely in the cloud.
Users remain in full control of their data:
- Individual notes or recordings can be deleted at any time.
- Deleted data is permanently removed from active systems.
- Account deletion results in the complete removal of all associated user data from Comulytic's servers.
Comulytic is committed to transparency and user control. Our services operate in accordance with applicable data protection regulations, and users may review, export, or delete their data at any time in line with our Privacy Policy.
Report a Vulnerability
Comulytic is committed to delivering secure and reliable products and services for our users. We welcome responsible disclosure from independent security researchers, industry partners, vendors, customers, and members of the broader security community who help us strengthen our security posture.
If you believe you have identified a potential security vulnerability in a Comulytic product or service, please submit a report through our Vulnerability Report Form. Submissions are reviewed by our security response team and handled in accordance with our coordinated vulnerability disclosure process.
Once your report is received, we will acknowledge submission within 7 calendar days and conduct an initial risk assessment within 3 business days. Based on the assessed severity, our expected remediation timelines are as follows:
- Critical-risk vulnerabilities - targeted remediation within 3 business days
- High- or Medium-risk vulnerabilities - targeted remediation within 30 business days
- Low-risk vulnerabilities - targeted remediation within 180 business days
We will provide progress updates at least once every 30 days until the issue has been resolved. We sincerely appreciate all researchers and contributors who help us improve the security of our products and protect our users.

Please note that certain issues may be affected by environmental, hardware, or deployment constraints. In such cases, the final resolution timeline will be determined based on real-world feasibility.
If you have any additional questions or security-related concerns, please contact us at security@comulytic.ai. We are committed to reviewing and responding to all security reports within 24 hours.
