Privacy & Security
Practical guide to data handling, compliance, and security controls
What Data ReadingMinds Collects
We collect:
- Interview transcripts: anonymized by default
- Emotion/sentiment signals: derived from voice in real time
- Respondent metadata: only what you configure in your study settings
We do NOT collect:
- Voice recordings: audio is processed in real time and never stored
- Personal identifiers: unless explicitly configured by the client
How Data Is Protected
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for all data at rest
- AWS US-East hosting with SOC 2 certified infrastructure
- Role-based access controls with full audit logging
Compliance
GDPR
You are the Data Controller and ReadingMinds is the Data Processor. A Data Processing Agreement (DPA) is available upon request.
CCPA
Consumer rights fully supported.
HIPAA
Automatic PII stripping with move-on behavior for sensitive data shared during interviews.
SOC 2
Type II certification in progress via Vanta.
ISO 27001
On roadmap.
Your Controls
- Configure data retention periods from 1 to 36 months
- Export all data before deletion
- Right-to-deletion requests honored permanently and irreversibly
- Invite-only access to studies
- SSO integration available for enterprise teams