When developing GoSpeech, data security, including the possibility of on-premises installation, has a very high priority. That's why GoSpeech is only hosted in German data centers with ISO 27001 certification to ensure optimal data security. Thanks to several server locations in Germany, maximum availability is also offered, so that GoSpeech is accessible at any time.
Comprehensive security policies ensure user data remains private and secure in the cloud. In order to protect sensitive user data, it is transmitted in encrypted form. We use end-to-end encryption for this. Communication between the client applications and the GoSpeech platform is via HTTPS using TLS with an AES 256-bit encryption algorithm. The communication of individual containers within our server, which can only be accessed via encrypted connections, is also encrypted with a self-signed certificate.
Signing into the GoSpeech account is done through an OAUTH2 authorization code flow using PKCE. Each registration receives a personal access token, which contains the rights and user-defined areas in GoSpeech.
Audio, video and text data are only used to provide the purchased service. They are also used to optimize speech recognition for individual user profiles. The speech recognition software only receives the data for training the software that is used in the form of a user-defined dictionary and those words that are submitted to us via the "Alternative spelling" function.
No voice profiles (biometric data) are used. Neither the user profiles nor the audio, video and text files are used to train the basic language model (e.g. to train neural networks or similar).
After completion of the contract, the data will initially be stored for the duration of the warranty period, then taking into account statutory retention periods, in particular tax and commercial law, and then deleted after the period has expired, unless you have consented to further processing and use.
GoSpeech runs in a triple replicated IT infrastructure on German servers that promise maximum data security. Because our servers are located at two locations in Germany, we can not only guarantee reliability, but also GDPR-compliant data protection.
Our servers are operated in the secure cloud of the provider Exoscale. Exoscale offers companies of all sizes access to the most modern infrastructure from the cloud: high-availability servers, redundant data storage, GPU servers for demanding IT tasks. In European data centers that meet the high requirements of the EU General Data Protection Regulation. Working with Exoscale, we can ensure that the GoSpeech platform meets extensive international and industry-specific compliance and security standards.
Our servers are continuously monitored and subject to regular audits to ensure that the cloud infrastructure provided meets the highest standards for secure data transmission. With the certification, we provide documented proof that the information security requirements are met and that the measures to protect data are implemented. We, Grundig Business Systems GmbH, are also certified according to ISO 9001 through quality management and guarantee high environmental standards according to ISO 14001.
In addition, the GoSpeech servers are characterized by high availability. This high availability of our servers refers to a set of technologies that minimize IT disruptions by ensuring business continuity of IT services through fully redundant, fault-tolerant or failover-protected components in the data center. Our servers are certified according to the ISO 22301 standard, which certifies security and reliability. GoSpeech can be called up around the clock and remains available even in the event of a server failure. To this end, a business continuity and disaster recovery program has been developed to recover and resume critical business processes and systems in a timely manner in the event of a critical business disruption.
Alternatively, we also offer GoSpeech as an on-premises version and install the transcription software on our customers’ own servers in a data-protected manner. Only people who have access to Customer's network can use GoSpeech. No external data connection is required to operate GoSpeech as an on-premises solution. All services required for GoSpeech run exclusively on the customer's servers. Accordingly, neither user data nor uploaded files or transcripts are transmitted to unauthorized persons.
According to the contractually agreed usage bill, only the consumption data must be reported. The reporting of this consumption data is in the hands of your system administrator and does not happen automatically. An on-premises solution is installed by trained system engineers who, together with the system administrator, ensure that no unwanted access is enabled during configuration.
Also as an on-premises installation, the provision of updates is included in the usage fees. This ensures that the current and data protection-safe components are used in each case.