Data Protection Policy

Effective Date 2025.01.01

Purpose and Scope

This policy explains our commitment to protect contributors(users)’ privacy by ensuring that Original Voice is never retained and that only irreversibly Transformed Audio and Derived Data are used for training and inference. The policy explicitly requires that all voice processing renders individual speakers non-identifiable to provide strong personal data protection and to reassure data providers, partners, and regulators. It applies to all voice collection channels, internal and outsourced processing, cloud services, datasets, and deployed models.

Key Definitions

  • Original Voice: raw audio provided by a contributor.
  • Transformed Audio: audio produced by irreversible technical transformation that removes or obfuscates speaker-identifying features so individuals cannot be identified.
  • Derived Data: embeddings, features, labels, model weights, and other artifacts generated from Transformed Audio.
  • Reidentification Risk: measurable probability that a contributor can be reidentified from Transformed Audio or Derived Data.

Data Lifecycle Controls

  • Collection and Consent
    • Minimal collection: Collect only the minimal voice data necessary for the stated purpose.
    • Transparent consent: Provide clear disclosures to contributors about transformation goals, irreversibility commitments, retention limits, deletion timing, and third party sharing.
    • Explicit consent: Record explicit consent before capture or transfer.
  • Immediate Transformation and Strong Deidentification
    • First-step transformation: Route Original Voice into a secured ingestion environment and apply automated transformation as the first processing step.
    • Non-identifiability requirement: Transformation algorithms must be designed and validated to ensure Transformed Audio does not permit identification of the original speaker under reasonable technical effort.
    • Documented irreversibility: Maintain objective criteria and tests demonstrating that transformations effectively prevent speaker identification and re-linking to Original Voice.
    • Versioned algorithms: Version and log transformation algorithms, parameters, and validation results for traceability.
  • Permanent Deletion of Original Voice
    • Irrecoverable deletion: Delete Original Voice irrecoverably immediately after transformation and verification.
    • Audit records: Record immutable audit entries for each deletion event including timestamp, processing node, and verification hash.
    • Legal hold exceptions: Legal hold exceptions require documented approvals, minimal metadata retention, and strictly limited access controls.
  • Storage, Encryption, and Access
    • Transformed-only storage: Store only Transformed Audio and Derived Data for long term use.
    • Cryptographic protection: Protect data at rest and in transit with strong cryptography.
    • Access controls: Enforce role based access control, least privilege, and multi factor authentication for privileged accounts.
    • Third party contracts: Grant third party access only under contractual security, privacy, and audit obligations.

Model Safety and Output Controls

  • Training Preconditions and Provenance
    • Transformation validation: Use only datasets that pass transformation validation and reidentification risk assessment for training.
    • Provenance metadata: Maintain provenance metadata for every dataset and model including transformation pipeline and approval records.
  • Reidentification Testing and Memorization Checks
    • Adversarial testing: Conduct scheduled adversarial testing and extraction attempts to detect model memorization or reproduction of identifying audio.
    • Risk thresholds: Quarantine and remediate any model that exceeds predefined reidentification risk thresholds.
  • Output Filtering and Usage Controls
    • Prevent re-synthesis: Apply filtering and post processing to prevent outputs that could reproduce contributor-specific vocal characteristics or enable reidentification.
    • Gated generative access: Gate high-fidelity generative capabilities and monitor their use for potential misuse.

Governance Assurance and Provider Protections

  • Accountability Roles
    • Assigned roles: Appoint a Data Protection Officer, Data Governance Lead, and Security Lead accountable for transformation integrity, audits, and provider relations.
    • Change approvals: Require multi-role sign-off for changes to transformation methods, retention rules, and exception handling.
  • Independent Audit and Attestation
    • Third party audits: Commit to regular third party audits of transformation efficacy, deletion procedures, access controls, and model reidentification testing.
    • Provider evidence: Provide audit summaries, attestation reports, or scoped evidence to data providers under nondisclosure agreements.
  • Contractual Safeguards for Providers
    • Warranties and remedies: Include explicit contractual warranties that Original Voice is deleted, define permitted uses of Transformed Audio, and require remediation obligations for breaches.
    • Provider rights: Allow providers to request deletion evidence, transformation descriptions, and scoped audits under agreed processes.

Monitoring, Incident Response, and Continuous Improvement

  • Monitoring and Detection
    • Continuous monitoring: Monitor for unauthorized access attempts, anomalous exports, and transformation failures with automated alerts and human review workflows.
  • Incident Response
    • Formal playbook: Maintain a formal incident response playbook with containment, forensic analysis, remediation, and provider notification procedures.
    • Record and remediate: Document incidents, impacts, and remediation actions and apply technical and procedural fixes.
  • Policy Review and Update
    • Regular review: Review transformation algorithms, risk thresholds, and controls at least annually or when new threats or regulatory changes occur.
    • Close the loop: Track and close improvements arising from audits, incidents, and provider feedback with documented evidence.

Firm Commitments and Contact

  • Firm commitments
    • No raw retention: We never retain Original Voice beyond secure pre-transformation buffering.
    • Non-identifiable storage: We store only Transformed Audio and Derived Data validated to meet irreversibility and non-identifiability standards.
    • Auditability: We provide traceability, contractual assurances, and independent verification for data providers.
  • Contact for agreements and audits
    • Data Governance Lead: Contact our Data Governance Lead to request deletion evidence, transformation descriptions, or to initiate a scoped audit.