Minutes App follows SOC 2–aligned practices to safeguard condominium records with enterprise-grade security, availability, confidentiality, and privacy. All recordings, transcripts, and minutes are encrypted, stored exclusively in Canada, and automatically deleted according to retention rules. With these safeguards, boards can trust that their most sensitive discussions remain confidential. That’s why our platform is built following SOC 2–aligned best practices across all five Trust Service Criteria:
1. Security
- Strong password protection using bcrypt.
- Multi-factor authentication by email.
- Role-based access controls (only authorized managers and board reps see their own corporation’s data).
- Encrypted sessions and secure cookies.
2. Availability
- Automatic retries and error recovery during recording, upload, and minutes generation.
- Structured logging and monitoring.
- Ongoing plans for database redundancy and disaster recovery.
3. Processing Integrity
- Clear, auditable workflow from recording → transcription → minutes.
- Validation to prevent incomplete or corrupted outputs.
- Meeting status tracking with retry options.
4. Confidentiality
- Files stored in private AWS S3 buckets, accessed only via short-lived signed URLs.
- Strict database scoping to prevent cross-corporation data access.
- Planned retention enforcement: recordings auto-deleted after 6 months, minutes after 1 year.
5. Privacy
- Minimal personal data collected (names, emails, directors). Unit numbers are never stored.
- Data is hosted exclusively in Canada (AWS Montreal region).
- Corporations retain full ownership of their paid minutes.
- Support for data-deletion requests upon account closure.