Security & Compliance
Your buyers never know Nutan is listening.
Every Gong, Chorus, and Otter call starts with “This meeting is being recorded.” Nutan doesn't. Audio captured on-device. Transcribed on-device. Deleted on-device. No bot. No cloud. No indicator your prospect ever sees.
Local-First Architecture
Unlike cloud-based meeting intelligence tools, Nutan processes everything on the user's own computer. Audio capture, transcription, and AI analysis all run locally. Audio is deleted after processing — only the structured intelligence remains.
No cloud audio processing
Meeting audio is captured and transcribed entirely on-device. No audio is ever transmitted to our servers or any third party.
Audio auto-deletion
Raw audio is deleted immediately after transcription. Only the text transcript and extracted intelligence are retained locally.
No bot in calls
Nutan captures system audio silently. No bot joins your meeting. No participants are notified. No recording indicators appear.
User-controlled sync
Cloud sync is optional and off by default. When enabled, data is synced in encrypted form every 5 minutes, limited to 500 rows per request. You can disable it at any time.
Technical Security
Your local data is protected with industry-standard strong encryption. The encryption key is generated on your device and stored only in the OS-managed secure keychain — never on disk.
All authentication tokens — CRM, email, calendar — live exclusively in the OS-managed secure keychain. Never written to files, databases, or configuration.
Standards-based OAuth with automatic token rotation. No passwords to manage, no credentials to leak.
Modern web security applied end-to-end: strict transport security, frame protection, content security policies, and per-IP rate limiting. No camera, microphone, geolocation, or payment permissions requested by the web surface.
Immutable audit trail of every action — with timestamps, identity, resource type, and duration. No PII in logs (emails and phone numbers redacted). Aligned to SOC 2 CC7.2 and ISO 27001 A.12.4.
Standards-based secure OAuth for direct device-to-provider token exchange. CRM integrations use secure server-side exchange. No tokens relayed through insecure paths.
Granular GDPR Article 17 erasure — delete profile, deals, meetings, chats, knowledge, or settings independently. Full account erasure runs atomically. Audit logs preserved per GDPR Article 17(3)(e).
Trust Center
Every report your procurement team asks for.
SOC 2 readiness, GDPR, CCPA, ISO 27001, HIPAA, Data Processing Agreement — download current attestations for each. Generated from our codebase and operational state, ready for vendor risk review.
Private by design.
Not by policy.
No cloud audio. No bot joins. No data leaves your laptop unless you say so. Your buyers never know Nutan is listening.
Private beta · Invite only · macOS · Windows coming soon