Security & privacy
Private by architecture, not by promise.
NoParrot is designed so that confidential audio can be processed without ever leaving your infrastructure. Below is exactly what that means.
What "on-prem" actually guarantees
-
Audio never leaves your servers
All transcription, diarization and embedding runs locally on your hardware. There is no cloud processing path for your recordings.
-
No telemetry without opt-in
The product does not phone home. Any diagnostics are opt-in and documented.
-
No third-party sub-processors for audio
Your recordings are not sent to OpenAI, Google, AssemblyAI or any external API.
-
You hold the data, the model and the keys
Models run on-prem; data stays in your storage; secrets stay in your environment.
-
Full audit log & RBAC
Append-only audit logging and role-based access for Team, Business and Enterprise tiers.
-
Configurable retention
Set retention windows for transcripts and audit records to match your policy.
Compliance posture
- On-prem / air-gapped deployment removes the cloud-transcription compliance blocker for HIPAA, attorney-client privilege, GLBA and FERPA work.
- BAA / DPA signed on the Enterprise tier.
- Card data is never stored or processed by our servers — checkout is handled by Paddle (Merchant of Record).
Model licenses
Transcription: WhisperX / faster-whisper (MIT). Diarization: pyannote-audio community-1 (CC-BY-4.0), attributed in the product and in our footer. We surface model provenance rather than hide it.
Reporting a vulnerability
Report security issues responsibly to security@noparrot.com. We aim to acknowledge within 72 hours.