Security & Privacy

In Progress

SOC 2 & ISO 27001 are in progress

We take security and privacy seriously. We've started the formal process to achieve SOC 2 and ISO 27001, and we're currently implementing controls and collecting evidence ahead of independent audits. Our team has extensive experience in data and security-minded product delivery, including leadership in high-stakes environments where reliability and control matter (e.g. building algorithmic data systems that supported $2B+ in annual trading activity) and we've designed Wendi's data handling around strict, practical controls, even before certifications are finalised.

These certifications take time (and cost) to complete; so while they're underway, we've shared a clear, comprehensive breakdown below of how Wendi stores, processes, and protects your data today.

Data Storage & Processing

By default, Wendi only stores transcripts from your audio. Transcripts are used to generate summaries to augment your meeting experience. Wendi processes raw audio in real-time on your device and does not store any audio files.

We primarily process and store data in the UK and EU. Enterprise customers can request specific data residency configurations to ensure their data stays within a particular jurisdiction.

We maintain data for the duration of your active subscription. Enterprise users can define custom retention policies for transcripts and insights, including automated deletion schedules.

Deletion requests trigger a full purge of the specific meeting record, transcript, and associated insights from our production databases and caches.

We never use raw customer data in development or testing environments. If data is needed for debugging or product improvements, it is strictly anonymized.

AI Privacy

No. We do not use your personal data or conversation transcripts to train any AI models. We also by default opt out of any programs offered by third party providers for our data being used to train their models.

Voice data is processed in real-time and encrypted throughout the entire pipeline. Voice data is not stored, it is only used for live transcription.

Access is strictly limited to authorized personnel only when required for technical support, governed by rigid internal access control policies.

Data Security

Yes. Wendi encrypts customer data in transit and at rest. Data is protected in transit using TLS for communications between clients and Wendi and between Wendi’s internal services. Data stored within our Google Cloud environment is encrypted at rest, using Google Cloud’s platform encryption controls.

Wendi is built so that customer data is protected by role-based access controls and least-privilege permissions across our systems. Access to production data is restricted to a small set of authorized personnel for operational support purposes only, and access is controlled via Google Cloud identity and permissioning. We do not provide broad internal access to customer transcripts or content as part of normal operations.

Wendi operates as a multi-tenant system with strict tenant isolation. All data records and queries are scoped by tenant/workspace, and access is enforced through authorization checks in the application layer alongside database access controls. This design prevents one customer from accessing another customer’s data.

Wendi uses Google Cloud’s operational logging and access controls to support auditability of platform operations. We can provide visibility into relevant security and administrative activity where appropriate (for example, during a support case or security review), and we maintain controls to detect and investigate unauthorized access attempts.

Wendi runs on Google Cloud and uses security controls designed to protect systems and customer data. If we identify a security incident affecting customer data, we will take steps to contain it, investigate impact, and notify affected customers without undue delay, providing details on what happened, what data was affected (if any), and the remediation actions taken.

Consent & Participant Notice

Yes. If you're capturing notes or transcribing a conversation, you should tell participants and get consent where required by law, regulation, or your company policy. Consent requirements vary by location (and sometimes by the location of each participant). You're responsible for understanding what applies and for obtaining any required consent. Wendi helps you make this easy and consistent, but it can't make compliance decisions on your behalf.

Wendi will automatically provide a pop-up message template you can copy and paste into your preferred meeting software (Zoom, Teams, Meet, etc.). You stay in control: you'll post it yourself, in the moment, with wording that's clear and repeatable.

You'll get a short, plain-English disclosure message that explains Wendi is being used for transcription/notes. You can use it as-is, or tailor it to your company's wording.

Because meeting platforms make this unreliable. Most meeting tools don't offer a consistent, permission-based way for desktop apps to automatically send chat messages across all setups (different org settings, app versions, browsers, admin restrictions, and accessibility controls). Even when it can work in some environments, it's brittle — and disclosure is too important to leave to something flaky. So we've designed this to be simple, fast, and dependable: Wendi gives you the message; you paste it where it belongs.

Wendi is currently a desktop app. If you're using WhatsApp Web or Telegram calls on your computer, you should manually notify participants before transcription where required. (We don't support running Wendi on your phone yet.)

Yes. We're working on an enterprise version that will include a workspace-wide toggle to turn notifications on/off across a company; so disclosure can be handled consistently, not left to individual preference.

Still have questions?

If you have any questions, email us at dev@iamwendi.ai; we're happy to help. We don't offer an enterprise plan yet, but we're building towards it. If you'd like to use Wendi sooner and run a manual security review with your team (questionnaire, call, or audit checklist), we'll gladly support that process.