Security & data practices
Congregations, classrooms, and councils put their most personal moments through this product. Here is exactly how we treat what passes through it.
Audio is never stored
The presenter's microphone stream goes from their browser to Microsoft Azure AI Speech for live transcription and is discarded as it's processed. We keep no recordings and extract no voiceprints. Sessions are not recorded.
Captions live in memory
Caption text exists in server memory for live broadcast to your listeners and is not retained after the session ends.
What we do store
- Your account record: email, sign-in identity, plan and subscription state.
- Monthly usage counters (minutes and characters) used for plan quotas.
- Sign-in session records (so you stay logged in), which expire automatically within about a day.
- A log of when your sessions started and refreshed (timestamps and durations — never content), used for quota accounting and abuse prevention.
Stored in Microsoft Azure Storage in the United States, encrypted at rest by the platform, reachable only over TLS. Like virtually every web service, our hosting platform also keeps short-lived standard request logs (IP addresses, URLs).
Payments never touch our servers
Checkout and card handling happen entirely on Stripe. We store your subscription state and Stripe customer reference — never card numbers.
Sign-in
You sign in with Microsoft, Google, or a one-time email link. We never see or store passwords. Audience members join sessions with a short code — they don't create accounts at all.
Infrastructure
The product runs on Microsoft Azure App Service (US South Central) over HTTPS with TLS 1.2+. Our full list of service providers is on the sub-processors page, which we update whenever a provider is added, removed, or replaced.
Transactional email (sign-in links, quota notices) is sent through Azure Communication Services with SPF and DKIM authentication on our domain.
Questions or reports
Found something that worries you? Write to support@owntongue.com — security reports get priority handling. Policy documents: Privacy · Terms · DPA.