Security and privacy at tikkr
tikkr handles people's voices and words in real time. We treat that data carefully and we are transparent about how it is processed.
Your data stays in the EU
The tikkr application and database are hosted in Germany (Hetzner). Inbound email runs in the EU (AWS, Ireland) and product analytics are processed in the EU (PostHog EU).
Encrypted in transit
All traffic is served over TLS 1.2+ with HSTS preload and strict security headers, including a Content-Security-Policy.
We do not train AI models on your data
Live translation is processed by OpenAI and by Alibaba (Qwen) under API terms that do not use your content to train their models.
Sub-processors
We use a small set of sub-processors. International transfers are covered by Standard Contractual Clauses or the EU-US Data Privacy Framework.
| Provider | Purpose | Region |
|---|---|---|
| OpenAI | Real-time translation and Q&A | United States |
| Alibaba Model Studio (Qwen) | Real-time translation | Singapore |
| Stripe | Payments | United States |
| Resend | Transactional email | United States |
| Hetzner | Application and database hosting | Germany |
| AWS | Inbound email | EU (Ireland) |
| PostHog | Product analytics | EU |
Access controls
Administrative access is least-privilege and restricted to named superusers, with access to personal data audit-logged. All sign-in surfaces are rate-limited against brute force, and each meeting runs in an isolated session.
Privacy and GDPR
For organizations using tikkr, we act as a data processor. We offer a Data Processing Agreement on request, honor data-subject rights including access and deletion, and limit how long we retain meeting data. See our Privacy Policy for details.
SOC 2
SOC 2 Type II is in progress. In the meantime we are glad to share our security overview and complete a security questionnaire.
Questions, or need our DPA? Contact us at support@trytikkr.com.