Inclutra Security

IT Security Overview

This page explains, at a high level, how audio and transcript data flow through Inclutra, how retention and backups are handled, and which modern security controls are applied.

Contents Expand
  1. Data Flows and Processing
  2. Retention and Backups
  3. Security Best Practices

Data Flows and Processing

Inclutra operates

  • a browser client side application (frontend),
  • a server API (backend),
  • SignalR (websockets) communication hubs, and
  • a SQL Server persistence layer (database) in an EU-based runtime environment.

Audio is captured using a browser API and streamed to Gladia (AI transcription service) for realtime speech processing. Inclutra stores transcript and translation events, but raw audio is not stored by Gladia or Inclutra.

Security controls are designed around ISO 27001 and SOC-style expectations, with documented ownership, periodic review, and auditable evidence.

flowchart LR
  Browser[Browser]
  Inclutra[App Server]
  Audience[Live Audience View]
  Stage[Stage Displays]
  Logging[Logging and Analytics]
  Gladia[Gladia AI]

  subgraph Nuremberg["Nüremberg Datacenter"]
    Inclutra
    Audience
    Stage
    Logging
  end

  subgraph GladiaDc["Gladia Datacenter (France)"]
    Gladia
  end

  subgraph Frankfurt["Frankfurt Datacenter"]
    Backup[Inclutra Backup]
  end

  Browser -->|Audio| Gladia
  Browser --> Inclutra
  Gladia -->|Transcripts| Inclutra
  Inclutra --> Audience
  Inclutra --> Stage
  Inclutra --> Logging
  Nuremberg --> Frankfurt

Retention and Backups

By design we keep data only as long as you need it. That means specifically:

  • Account data is retained while an account is active.
  • Transcriptions and translations are retained until deleted by users or when the account is deleted.
  • Raw audio is never stored, neither by Inclutra or any third party service.
  • Application and server logs are retained for 90 days to ensure we can keep the system running smoothly and identify any issues or misuse
  • SQL backups follow a full-plus-log backup model with regular restore validation and a 90-day retention.

For complete details on data categories, processing purposes, and data-subject rights, see our Privacy Policy.

Security Best Practices

We follow modern IT security best practices, including strong controls for user accounts and authentication.

  • Access to production servers is strictly limited to authorized personnel with least-privilege access.
  • Backups are performed regularly and recovery procedures are tested to confirm restorability.
  • SSL/TLS is enforced to protect data in transit, with ongoing monitoring and security maintenance.

Last updated: 2026-03-02.