Security by Design
Privacy isn't a feature we bolted on. It's the reason Beaver AI exists.
No Audio or Video Storage
AI Notetaker: text-only capture. Magic Whiteboard: ephemeral audio streaming. Zero files stored.
Not Used for AI Training
Your data will never be used to train AI models - by us or anyone else.
Yours, Always
Your meeting data belongs to you. Delete it any time - it's gone for good.
How Beaver Works - The Privacy-First Architecture
Most meeting tools work by recording your audio, uploading it to a server, and running speech-to-text. That creates an audio file of your conversation that lives on someone else's servers. Beaver doesn't do that.
Beaver collects transcriptions, not audio
Beaver joins your meeting as a participant and collects transcriptions. Text-only - no audio signal is ever accessed.
Transcripts are stored securely, linked only to your account
Transcriptions are stored in an encrypted database, accessible only to you (and team members you invite). No one else can see them.
AI summarisation happens under strict data controls
When the meeting ends, the text is sent to a private AI model to generate a summary.
Magic Whiteboard: Ephemeral Audio Architecture
Magic Whiteboard processes audio in a real-time streaming pipeline. Audio frames from participants are transcribed by the speech-to-text engine and immediately discarded. There is no audio buffer, no temporary storage, and no audio data at rest — ever.
Audio is streamed, never stored
Participants' voice data travels via WebRTC to the transcription engine. Audio exists only in transit — the moment speech is converted to text, the audio data is gone.
Only text is retained
The text transcript and AI-generated insights (action items, decisions, summaries) are the only data stored — under your control, deletable at any time.
On-prem option for full data sovereignty
For organisations requiring complete control, Magic Whiteboard can be deployed entirely within your own infrastructure. All audio processing, transcription, and AI analysis occurs on your network.
Our Security Commitments
All data is encrypted in transit using TLS
All data is encrypted at rest
Passwords are hashed using industry-standard algorithms — we never store plain-text passwords
OAuth tokens (for integrations) are encrypted at rest and can be revoked at any time from your settings
We do not have access to your meeting platform credentials
We conduct regular dependency and security reviews
We follow the principle of least privilege — internal access to production data is minimised and logged
Found a Vulnerability?
We take security reports seriously. If you discover a potential security issue, please disclose it responsibly by contacting us. We'll respond within 48 hours and work with you to address the issue promptly.
Please don't publicly disclose security issues before giving us a reasonable opportunity to fix them.
Questions?
If you have questions about our security practices, use our contact form.