This article answers the security, privacy, and compliance questions most frequently raised by enterprise security engineers, DPOs, and procurement teams evaluating Plaud as a vendor. It covers our certifications, data storage & residency, and data retention & deletion.
Certifications
| Certification | Scope | Availability |
| ISO/IEC 27001 | Information Security Management System | Certificate available at Trust Center |
| ISO/IEC 27701 | Privacy Information Management (GDPR-aligned) | Certificate available at Trust Center |
| SOC 2 Type II | Security, Availability, Confidentiality; sustained audit period | Certificate available at Trust Center |
For documents, please visit the Trust Center.
Data storage and residency
| Account Region | Infrastructure |
| EU / EEA | AWS Frankfurt (Germany) |
| North and South America | AWS US-West (Oregon region) |
| Asia Pacific | AWS Singapore |
| Japan | AWS Japan |
For more information about AWS regions, please visit the AWS.
Data retention and deletion
Recordings, transcripts, and summaries are retained until the user manually deletes them or cancels their account.
| Event | What Happens |
| User-initiated deletion | Immediate removal from primary storage |
| Backup propagation | Deletion propagates to backups via automated synchronization |
| AI subprocessor processing | Zero retention, no data persists after the response is returned |
| Account cancellation | Triggers full deletion including backup propagation |
| Cloud Sync disabled (PCS off) | Recordings stay on-device; cloud used only on-demand for AI processing; no persistent server copy retained |
FAQ about security and compliance
Can my team Admin access team Member's recording content?
The workspace gives Admins control over Member management but not access to the Member's content in the individual's workspace.
Can Plaud access my recording content?
Plaud processes your recordings solely to deliver the services you've subscribed to. Under GDPR, Plaud acts as a Data Processor and only processes your data on your documented instructions as Controller. We do not access your content independently. Please refer to our Data Processing Addendum for more information.
What's the process location for Plaud?
The initial audio capture happens locally on your device, meaning recordings are stored on-device. The content is only uploaded to Plaud Inc.'s cloud infrastructure when a user has given explicit consent for such upload. Plaud's cloud infrastructure is hosted on Amazon Web Services, as noted above.
Is Plaud HIPAA / SOC 2 / GDPR / EN 18031 / ISO 27001/ 27701 compliant?
Yes, privacy and data security are at the core of Plaud. Plaud adheres to the highest compliance standards including SOC 2 Type 2, HIPAA, GDPR, ISO 27001/27701 and EN 18031. Please visit the Trust Center for more information.
What about consent for recording?
Before capturing a conversation, it's good practice to give others a quick heads-up. Local regulations differ, so if you're unsure, a quick check helps you stay confident.
Not sure how to ask for consent? Here is an easy one-liner:"Mind if I use my AI note-taker so I don't miss any details/follow-ups from our chat? I can share the notes with you after as well."
Still have questions?
Submit a request and our support team will get back to you within 24 hours on business days.