
    Security at RecallVerse

    Built for trust. Engineered for privacy. Designed for professionals.

    At RecallVerse, protecting your data is a top priority. Because your contact network, insights, and relationship history are deeply personal, we built the platform with zero shortcuts, using security standards trusted by global enterprises, governments, and regulated sectors.

    Every layer of RecallVerse — from authentication to AI processing — is designed to ensure only you can access your data.

    1. Infrastructure Security

    Google Cloud + Firebase

    RecallVerse is built entirely on Google Firebase and Google Cloud Platform (GCP) — the same infrastructure used by:

    • Government agencies
    • Global banks
    • Fortune 500 companies

    This gives you:

    • Encryption at rest (AES-256)
    • Encryption in transit (TLS 1.2/1.3)
    • Independent audits (ISO 27001, SOC 1/2/3, GDPR compliance)

    We don't maintain our own servers. Your data is secured by Google's infrastructure.

    2. Authentication & Account Isolation

    RecallVerse uses Firebase Authentication for all login methods (Google, Apple, Email/Password).

    This gives you:

    • Unique Firebase user ID (uid)
    • Strong identity management
    • No shared accounts
    • Automatic protection against unauthorized access

    Data isolation is strict:

    Every contact, note, and analysis result is tied to your uid.

    "A user can only access their own data — nothing else."

    Even our engineers cannot arbitrarily access your account.

    3. Firestore Security Rules

    All reads and writes in Firestore are protected by strict rules such as:

    allow read, write: if request.auth.uid == resource.data.owner_user_id;

    This ensures:

    • No user can ever access another user's contacts
    • No cross-account visibility
    • No accidental exposure
    • Network maps and analytics are read-only to prevent tampering

    Security rules are enforced at the database level — meaning it's impossible for a malicious actor to bypass them.
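
An ownership rule of this kind written out per operation, as an added example that is not RecallVerse's actual rule set: a condition on `resource.data` alone cannot authorize creates, because `resource` is null until the document exists, and it does not stop an owner from reassigning `owner_user_id` on update. The collection names `contacts` and `network_maps` are assumptions; `owner_user_id` is the field named on this page.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller is signed in and owns the given document data.
    function ownedByCaller(data) {
      return request.auth != null
          && request.auth.uid == data.owner_user_id;
    }

    // Hypothetical collection holding per-user contacts and notes.
    match /contacts/{contactId} {
      // Read and delete: check the document as it is stored.
      allow read, delete: if ownedByCaller(resource.data);

      // Create: no stored document yet, so check the incoming data.
      // This forces the new document to be stamped with the caller's uid.
      allow create: if ownedByCaller(request.resource.data);

      // Update: caller must own the stored document, and the write
      // must leave the owner field unchanged.
      allow update: if ownedByCaller(resource.data)
                    && request.resource.data.owner_user_id
                       == resource.data.owner_user_id;
    }

    // Hypothetical collection for derived data (network maps, analytics).
    // Clients may read their own documents but never write them.
    // Server code using the Admin SDK is not subject to these rules,
    // so it can still populate this collection.
    match /network_maps/{mapId} {
      allow read: if ownedByCaller(resource.data);
      allow write: if false;
    }
  }
}
```

Rules like these can be exercised against the Firebase Local Emulator Suite before deployment, checking that a second test user is denied every operation on the first user's documents.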

    4. Voice Notes: No Audio Storage

    RecallVerse does not store or retain audio files.

    When you record a voice note:

    1. Audio is securely processed for transcription
    2. A text transcription is generated
    3. The audio is immediately discarded
    4. Only the transcription is stored

    This eliminates:

    • Audio storage risks
    • Sensitive biometric voice data issues
    • Long-term exposure of voice recordings

    Text-only transcriptions are significantly safer and fully encrypted.

    5. AI Processing Protections

    AI features (summaries, insights, contact analysis, network mapping) are performed server-side only, using secure Firebase Cloud Functions.

    This means:

    • Your device never sends data directly to AI providers
    • API keys are never exposed
    • Only minimal data needed for the feature is sent
    • No unnecessary personal identifiers are included
    • Your data is not used to train any third-party AI models

    We send only the text you've chosen to analyze, not your account details, email addresses, or audio files.

    6. Data Encryption

    In Transit

    All communication between your app/browser and our servers is encrypted using HTTPS/TLS.

    At Rest

    All data stored in Firestore and Google Cloud Storage is encrypted automatically using modern encryption standards.

    You never interact with unencrypted data.

    7. Access Controls & Internal Security

    • All API keys and service credentials are stored in Google Secret Manager
    • No API keys are ever included in client-side code
    • Engineers access data only for debugging when legally permitted and strictly controlled
    • Audit logs record server activity for compliance

    Your account is never accessible without authentication and proper authorization.

    8. Data Export & Deletion

    You are in full control.

    You may request:

    • Export of your contacts and notes
    • Deletion of your account and data

    Upon deletion:

    • Your data is removed from active databases immediately
    • Encrypted backups are purged according to regulatory requirements
    • AI providers do not retain any of your submitted content

    This aligns with GDPR, CCPA, and Saudi PDPL.

    9. Compliance

    RecallVerse aligns with major global data protection standards:

    • GDPR (European Union)
    • CCPA (California)
    • Saudi Personal Data Protection Law (PDPL)
    • UAE Data Law
    • UK Data Protection Act

    Our infrastructure providers (Google Cloud, OpenAI, Anthropic) maintain:

    • ISO 27001
    • SOC 1, SOC 2, SOC 3
    • PCI-DSS
    • FedRAMP + StateRAMP certifications (depending on provider)

    10. Your Responsibilities

    For maximum security, we recommend:

    • Using unique, strong passwords
    • Keeping your login credentials private
    • Enabling device-level protections (e.g., Face ID, biometrics)
    • Not storing sensitive government-classified information
    • Only entering data you have permission to store

    RecallVerse is a personal intelligence tool, not a system for restricted or classified data.

    11. Contact Us

    For security questions or concerns, reach us at: