Privacy by Design

Anonymity is the foundation. Here's how we protect every voice that comes through Gathered Voices.

Our Core Privacy Principles

Themes Only, Never Raw Data

Leaders never see transcripts, audio files, or quotes. We surface aggregated themes only when corroborated by multiple submissions (at least 2), ensuring no individual can be identified.

Immediate Audio Deletion

Audio recordings are deleted immediately after transcription. We don't store, archive, or back up audio files. Once transcribed, the audio is gone forever.

No Tracking, No Identification

We don't collect names, emails, or any identifying information. IP addresses are hashed and never logged in raw form. There's no way to trace feedback back to individuals.

Corroboration Threshold

A theme only appears in the admin dashboard when at least 2 separate submissions support it. This protects individual voices while surfacing genuine patterns.

How We Implement Privacy

End-to-End Data Minimization

We collect only what's absolutely necessary for theme generation. No demographic data, no user identification metadata, no unnecessary tracking. The less data we have, the less risk to your people.

Encrypted in Transit and at Rest

All data is encrypted during transmission using industry-standard TLS protocols. Database contents are encrypted at rest. Even if someone gained unauthorized access to our infrastructure, they would find encrypted data they cannot read.

Audit Logging Without PII

We log system events for security and reliability, but never personal information. Our logs contain timestamps, error codes, and system metrics. No IP addresses, no user identifiers, no content. If something goes wrong, we can debug it without exposing anyone.

Rate Limiting with Hashed IP Addresses

To prevent abuse, we implement rate limiting. Even here, privacy comes first. IP addresses are hashed with SHA-256 before use as rate limit keys. We never log or store raw IP addresses anywhere in our system.
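
An added example, not Gathered Voices' own code: a fixed-window rate limiter whose only key is the SHA-256 of the canonicalized client IP, as described above. The names, the limit of 3 per minute, and the optional HMAC secret are assumptions; the secret is offered because a bare SHA-256 over the small IPv4 address space can be enumerated.

```python
import hashlib
import hmac
import ipaddress
import time


def rate_limit_key(ip: str, secret: bytes = b"") -> str:
    """Derive the rate-limit key; the raw IP is never stored or returned.

    Without a secret this is plain SHA-256, as the page describes.
    With a secret it is HMAC-SHA-256 (assumed hardening, not from the page).
    """
    # Canonicalize first so equivalent spellings of one address share a key.
    canonical = ipaddress.ip_address(ip.strip()).compressed.encode("ascii")
    if secret:
        return hmac.new(secret, canonical, hashlib.sha256).hexdigest()
    return hashlib.sha256(canonical).hexdigest()


class FixedWindowLimiter:
    """In-memory fixed-window counter keyed only by hashed IP."""

    def __init__(self, limit: int, window_seconds: int, secret: bytes = b""):
        self.limit = limit
        self.window = window_seconds
        self.secret = secret
        self.current_window = None
        self.counts = {}  # hashed key -> requests seen in the current window

    def allow(self, ip: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        window_index = int(now // self.window)
        if window_index != self.current_window:
            # New window: discard old counters so hashed keys do not pile up.
            self.counts.clear()
            self.current_window = window_index
        key = rate_limit_key(ip, self.secret)
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] <= self.limit


if __name__ == "__main__":
    # Constructed sample: a documentation-range address (RFC 5737).
    limiter = FixedWindowLimiter(limit=3, window_seconds=60)
    for t in (0, 10, 20, 30, 70):
        print(t, limiter.allow("203.0.113.7", now=t))
    print(list(limiter.counts))  # hashed keys only
```

An input that is not a valid IP address raises `ValueError`, so a caller has to decide how to treat requests with a missing or malformed client address.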

Our Trusted Vendors

We carefully select vendors who share our commitment to security and privacy. Each vendor maintains enterprise-grade security certifications and has signed Data Processing Agreements (DPAs) with us.

OpenAI (Whisper)

Audio transcription service with SOC 2 Type II certification. Audio data is processed and immediately discarded per their zero-retention policy.

Neon (Database)

PostgreSQL hosting with encryption at rest and in transit. Automated point-in-time recovery for data reliability and enterprise-grade security certifications.

Clerk (Authentication)

User authentication and organization management with GDPR compliance. Handles admin access control with enterprise-grade security.

Vercel (Hosting)

Application hosting with automatic HTTPS, DDoS protection, and edge caching on enterprise-certified infrastructure.

Ready to hear what your people know?

Start surfacing insights today. No setup required for employees to share feedback.
