Learn about Sayify.pro's security practices, data protection, and compliance.

Security Overview

Security and privacy are foundational to Sayify.pro. Here's how we protect your data.

Data Encryption

  • In transit: All connections use TLS 1.2+ (HTTPS enforced)
  • At rest: Audio files and transcriptions are encrypted on AWS S3 with AES-256
  • API keys: Hashed before storage — the full key is shown only once at creation

Authentication

Session-Based (Dashboard)

The web dashboard uses session cookies with CSRF protection. Sessions expire after inactivity.

API Key (Programmatic)

API access uses Bearer tokens. Include your key in the Authorization header:

Authorization: Bearer sk_live_YOUR_API_KEY

:::warning Keep Keys Secure
Never expose API keys in client-side code, public repositories, or logs. Rotate keys regularly and revoke any that may be compromised.
:::

API Key Best Practices

| Practice | Why |
|---|---|
| Use separate keys per environment | Isolate production from dev/staging |
| Set descriptive names | Know which key is used where |
| Revoke unused keys | Reduce attack surface |
| Monitor usage stats | Detect anomalous usage early |

Permissions

  • API tokens inherit the permissions of the workspace they belong to
  • Each workspace is isolated — tokens from one workspace cannot access another
  • Team members can be invited with scoped permissions

Webhook Security

Webhook payloads are signed with a secret token (whsec_...), allowing you to verify that requests genuinely come from Sayify.pro. Always validate signatures before processing webhook payloads.
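A receiver-side signature check, as an added example that is not Sayify.pro's own code. This page does not specify the signing scheme, so the example assumes a hex-encoded HMAC-SHA256 over the raw request body keyed with the whsec_ secret; the function names, the secret and the payload are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

# ASSUMPTION: hex HMAC-SHA256 over the raw body. Confirm the real scheme
# in the provider's webhook reference before relying on this.
def sign(secret: str, raw_body: bytes) -> str:
    return hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()

def verify_webhook(secret: str, raw_body: bytes, signature: Optional[str]) -> bool:
    """True only if the signature matches the exact bytes that were received."""
    if not secret or not signature:
        return False  # fail closed on a missing secret or missing header
    try:
        provided = signature.strip().lower().encode("ascii")
    except UnicodeEncodeError:
        return False  # a non-ASCII value cannot be a hex digest
    expected = sign(secret, raw_body).encode("ascii")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, provided)

def handle_webhook(secret: str, raw_body: bytes, signature: Optional[str]):
    """Verify first, parse second: unauthenticated bytes never reach the JSON parser."""
    if not verify_webhook(secret, raw_body, signature):
        return 401, None
    return 200, json.loads(raw_body)

# Constructed sample data, not real Sayify.pro values.
SECRET = "whsec_constructed_example_secret"
BODY = b'{"example":"constructed payload"}'
GOOD_SIG = sign(SECRET, BODY)

if __name__ == "__main__":
    print(handle_webhook(SECRET, BODY, GOOD_SIG))
    # Re-serialising parsed JSON changes the bytes, so the check must use
    # the body exactly as it arrived on the wire.
    reserialised = json.dumps(json.loads(BODY)).encode()
    print(verify_webhook(SECRET, reserialised, GOOD_SIG))
```

Store the whsec_ secret the same way as an API key: outside source control and out of logs.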

Data Retention

  • Voice recordings are retained for the duration of your subscription
  • Transcriptions and AI insights are stored alongside responses
  • You can delete individual responses or entire links through the dashboard or API
  • Account deletion removes all associated data

Compliance

:::note Data Location
All data is processed and stored on AWS infrastructure in the US East (Virginia) region.
:::
