Audio is discarded right after transcription
Tiro’s principle is simple: audio is processed only for transcription, then discarded beyond recovery the moment that’s done.- Live recording: your microphone and system audio are transcribed in a stream, then dropped from memory once converted. Nothing is written to disk in plain form.
- Audio file upload and offline recording: uploaded files are discarded automatically after transcription and speaker separation finish.
- The only exception is when you turn it on yourself. When you enable paragraph-level audio replay, the audio stays in your own account’s encrypted storage. It’s off by default, and the audio is destroyed when you turn it off or request deletion. Your organization can also block this feature for everyone.
How is your data stored?
- Note text is stored on our servers so you can read it across your devices. It lives in the AWS Seoul region (ap-northeast-2) and is replicated across availability zones (Multi-AZ).
- Stored data is encrypted with per-user and per-organization keys using AES-256, and traffic in transit is protected with TLS 1.3.
- Access is tightly controlled. Permission to read data in plain form is limited to the CTO and one senior engineer, and every access is logged permanently down to the query and column.
Your data is never used to train AI
No information, including your conversation records, is used to train or fine-tune models. This is the same for free, paid, and enterprise customers, and every LLM and speech-recognition vendor Tiro relies on is under a no-training, zero data retention agreement.What happens when you delete something?
- Deleting a note: it’s removed immediately from the operational database, search index, and cache. Disaster-recovery backup copies are discarded automatically once the retention period (up to 21 days) passes.
- Deleting your account: the related data is removed beyond recovery (within 30 days at most). Encryption-key deletion is scheduled alongside it, so any residual data becomes permanently inaccessible.
Security certifications
- Tiro holds ISO/IEC 27001:2022 certification (June 2026).
- The SOC 2 Type 1 audit is complete, and Type 2 is in its observation period.
- Audit reports are available after you sign an NDA.
Security options for enterprises
On the Enterprise plan you can configure audit logs (SIEM integration), an allowlist of external sharing domains, data-retention policies with deletion evidence, SAML/OIDC SSO, MFA, SCIM, and session and device controls, all at the policy level. If you need security review materials (data location, compliance, sub-processor list), reach out to our sales team. For setup details, see organization security settings.Frequently asked questions
Does Tiro keep the audio files I record?
Not by default. Audio is discarded right after transcription, and it’s kept in your own account’s encrypted storage only when you turn on paragraph-level audio replay yourself.Can Tiro staff see my notes?
Access to data in plain form is limited to two people, and every access is logged permanently. We don’t access customer notes unless it’s operationally necessary.Does my data leave the country?
Note data is stored in the AWS Seoul region. With an Enterprise contract, you can also arrange a dedicated VPC or a different region. For organization-level security options, see organization security settings.Related pages: Paragraph-level replay · Local audio storage · Account management guide