IRB-ready documentation

1. Where is participant audio processed?

Audio is uploaded directly from the researcher’s device to Cloudflare R2 object storage. R2 replicates across Cloudflare’s global infrastructure with no egress fees and no cross-provider data transfer; the bucket is scoped to TigerScribe only. Transcription and speaker-embedding workloads run on Trigger.dev containers and Vercel functions and pull audio from R2 over authenticated short-lived URLs.

We do not export audio to third-party storage. Recording lifecycle stays within R2 (storage), Trigger.dev (compute), Vercel (web delivery), and Neon Postgres (transcript + metadata) — each listed in §6 below.

2. Who has access?

• Authorized study personnel (researchers logged in to the workspace) — full access to the recordings they upload.
• Sub-processors — listed in §6 below; access is least-privilege and limited to the operational role each performs.
• TigerScribe employees — no routine access to customer audio or transcripts. Time-bounded support access is granted only with a documented support case and customer consent, and every access is logged.
• No third-party advertisers, data brokers, or analytics providers receive recordings, transcripts, or voiceprints.

3. Is participant data used to train AI models?

Sub-processors (§6) are contractually bound to the same restriction. Sub-processor sessions cannot retain customer audio for model improvement. Researchers can request a written attestation from dpo@tigerscribe.com for IRB submission packages that require one signed by an officer.

4. Encryption

• In transit — TLS 1.3 with modern ciphers; HSTS preload submitted.
• At rest — AES-256 on all persistent storage (database, object storage, backups).
• Voiceprints — stored as embeddings, encrypted at rest, never transmitted in plaintext.
• Backups — encrypted at the storage layer; same key-management discipline as primary storage.

5. Retention and deletion

Default audio retention is 30 days for free-tier accounts. Researchers can configure a per-recording retention window (7 / 30 / 90 / 180 / 365 days, or no auto-delete for IRB-approved indefinite retention) on the transcript settings page. Voiceprints are retained until user deletion.

Deletion-on-demand: deleting a recording from the dashboard removes the audio file, transcript, and any extracted embeddings within 24 hours. Backups are purged on a 30-day rolling window. Participants who withdraw consent can be honored by the researcher deleting the recording from the workspace; if a vendor- level deletion is required (e.g., the participant contacts us directly), email dpo@tigerscribe.com with the recording reference and we will action it within 72 hours.

6. Sub-processors

The full list of vendors that can technically touch customer data, in the role they perform:

• Vercel, Inc. — Web hosting & edge delivery (US, EU)
• Neon, Inc. — Postgres database hosting (US (us-west-2))
• Cloudflare, Inc. — Object storage (R2), DNS, DDoS, WAF (Global edge)
• Trigger.dev — Background tasks (transcription, speaker matching) (US)
• AssemblyAI / Gladia — AI transcription engine (US, EU)
• Anthropic — LLM-assisted speaker name inference & anonymization (US)
• Stripe / Lemon Squeezy — Payments & merchant of record (US, EU)
• Resend — Transactional email (US)

New sub-processors are announced 30 days in advance via the change-log page so researchers can update their data-management plans before the change takes effect. Researchers operating under a Data Processing Agreement also receive a direct notification.

7. Anonymization

TigerScribe ships a one-click anonymization workflow on the transcript page. Names of people, organizations, locations, schools, and emails are replaced with consistent placeholders ([NAME_1], [ORG_1], etc.) and a downloadable redacted transcript is produced alongside the original. The anonymization is a per-recording choice; the original transcript is preserved in the workspace and accessible only to the researcher.

For studies that require anonymization to happen before any analyst other than the PI sees the transcript, run the anonymization pass immediately after AI transcription and verify a sample of the redacted output before sharing with co-investigators or research assistants.

8. HIPAA / BAA availability

A Business Associate Agreement is available for accounts that use TigerScribe for research touching protected health information. Request the BAA from baa@tigerscribe.com; standard turn- around is 3-5 business days. The signed BAA covers the full HIPAA Security Rule controls list. Note that the BAA must be in place before any PHI is uploaded.

9. FERPA (educational research)

For educational research with student participants, our data-handling practices align with FERPA. We do not disclose educational records to third parties without the researcher’s direction; we treat student-identifying transcripts under the same access-control regime as any other customer data. Researchers operating under FERPA should additionally use the per-recording retention setting to match their IRB-approved retention window.

10. Breach notification

In the event of a security incident affecting customer data, we will notify affected accounts within 72 hours with a description of the incident, scope, mitigation, and any action required of the researcher (e.g., re-uploading data that was lost). For incidents affecting personal data of EU residents, the notification timeline aligns with GDPR Article 33.

11. Audit logs and provenance

Every recording carries a per-recording lifecycle log accessible to the researcher: upload, transcription start/finish, speaker matching, anonymization runs, retention changes, and deletion. The log is available on the recording detail page and can be exported alongside the transcript for inclusion in the data-management plan or final dissertation appendix.

12. Copy-paste summary for ethics applications

For your IRB / REB / Ethics Board data-management plan:

Replace the bracketed placeholders with the values that apply to your study. If your IRB requires a vendor-signed attestation, email dpo@tigerscribe.com with the institution name and study ID.