
Security and Privacy

Organizations around the world use Natter to get their people talking and instantly gather better insights to support decisions, while meeting all their security and privacy needs.
Ensuring product security and privacy is vital
Natter’s web-based platform provides impartial, anonymous, inclusive, instant insights and ensures security and privacy by design.

Insights derived from transcription data are not attributed to individuals, and our technology automatically redacts personal data before analysis takes place.

No downloads, installations or integrations are required. All traffic is inbound to Natter, and no outbound traffic is sent to client environments.
Anonymized
Automatic data minimization and anonymization ensure minimal personal identifiers are collected, and all identifiers are redacted before processing. No data is processed outside of the UK or EU regions, ensuring full compliance with GDPR.
Secure
We protect customer data as if it were our own through Company SSO, 256-bit encryption, TLS v1.2 (or higher) and MFA.
In your control
Customers have full control over their data, and can request deletion at any time. End users must consent to being transcribed and personal data is automatically redacted prior to analysis.
Data Retention & Deletion
Once data is processed, the system does not retain or reuse it for training purposes. Natter excludes account names, IP addresses, and authentication data from processing and storage. This also applies to our suppliers.
Case study: PwC Gives Employees a Voice with Natter, to Strengthen Leadership Decision-Making
1,500 conversational insights captured in just an hour.
Security and Privacy Safeguards

End User Opt-in Consent for Transcription

Consent is obtained during user registration and before each conversation and transcription on Natter. Without consent, transcription is not performed. Personal data is automatically redacted.

Strong Encryption at Rest and in Transit

We use AES-256 encryption for data at rest and TLS v1.2 or higher for data in transit, ensuring top-tier security against interception and tampering.

Secure Application Development

Secure application development (SDLC), a comprehensive peer review process, least-privilege access, and rigorous security testing are integral to our critical path, ensuring robust protection and reliability.

Continuous Monitoring

Continuous monitoring ensures real-time detection and swift response to potential security threats, allowing us to maintain a proactive stance against vulnerabilities.

Enterprise-grade Security

Natter is ISO 27001 certified and undergoes annual audits. Our AWS hosting provider also holds various security certifications to protect the infrastructure supporting Natter. AWS compliance details are available here.

UK and EU GDPR

Natter complies with UK and EU GDPR, ensuring data protection and privacy. Hosted in AWS eu-west-2, it guarantees high availability, regular backups, and rigorous testing for continuity and incident response.
Frequently asked questions

For more details and FAQs on our enterprise security commitment, visit Natter's Trust Center.

What information security standards and frameworks is Natter compliant with?

Natter is certified to ISO 27001 and is GDPR, UK GDPR and EU AI Act compliant. Refer to our Responsible AI Statement for more information.

Is Natter anonymous?

Anonymity is hardwired into Natter. We exclude account names, IP addresses, and authentication data from processing and storage. Our AI Engine only receives de-identified text, stripped of personal identifiers at the point of input. Learn more in Our Approach to Data Privacy & Anonymity.

Will end users know how their data is being used?

Users are informed via multiple touchpoints, including our Privacy & Cookies Policy, which defines “Transcription data” and explains its use. We also display a link to Our Approach to Data Privacy & Anonymity during account setup and platform usage.

Do you use subprocessors?

Natter uses a limited number of pre-approved third-party service providers, vetted under our Vendor Management Policy. You can view our full list in our Service Providers & Data Transfer Policy.

Are recordings stored or used to train models?

Neither recordings nor conversation data are stored by our providers. Our AI Engine does not retain information post-processing, and customer data is never used for training or modelling. Refer to our Responsible AI Statement for more information.

Is Natter compliant with GDPR?

Natter complies with GDPR both as a data processor and a controller. We’re also aligned with other international privacy regulations such as the CCPA. For more information, refer to our End User Licence Agreement (EULA), Service Providers & Data Transfer Policy, and Privacy & Cookies Policy.

What data do you collect / process?

We collect only limited and customizable data. Personal data includes first name, surname, email address, job title, and optional demographic data for anonymized benchmarking. Demographics can be fully customized by end users. Only anonymous qualitative responses are sent to our AI Engine - never user identifiers, PII, or authentication data. Refer to our Responsible AI Statement for more information.

Will end users consent / opt-in?

Consent is obtained during account creation and again before the user joins a conversation. If consent isn’t given, transcription does not occur. Personal data is redacted automatically, prior to analysis.

How do you ensure secure access?

We use Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for platform access. Granular access controls are also enforced at the platform and AWS backend levels via IAM.

Can we control and configure data retention and deletion?

Customers have full control and can request deletion of their data at any time. See section 6 of our Privacy & Cookies Policy: “Retaining and deleting personal data”.

You can contact Natter’s Security & Privacy team by sending an email to security@natter.co to report a vulnerability or security event, or to request a copy of the Natter DPA.