Trust Center

Security, privacy and compliance you can read

Sprecho is a German GDPR-first voice-dictation product. The high-level summary lives here in the open; the DPA, sub-processor list, ISMS policies and audit evidence are one corporate-email request away.

Data classificationRestricted
ImpactModerate
RTO4h
RPO1h
RegionEU (Germany)

At a glance

The facts most procurement teams check first.

Data residency

EU only (Germany + Netherlands)

Encryption

TLS 1.2+ in transit · AES-256 at rest

Compliance

GDPR · hosting ISO 27001 (STRATO AG)

Default retention

14 days · zero-retention option for enterprise

No training on customer voice

Synthetic + open-source corpus only — your audio is never reused

Audit log

Every auth, admin and billing event recorded · JSONL export on Enterprise

MFA

Available for all users · required for admins on Enterprise

Penetration testing

First independent test scheduled Q3 2026

Browse the documentation

Trust Center

Sub-processors

Last updated: 2026-06-06

Sprecho engages the following sub-processors for the processing of personal data. The list mirrors Annex B of our Data Processing Agreement. Material changes are announced with prior notice under GDPR Art. 28(2)(b).

STRATO AG

2025-09

Production hosting — application servers, PostgreSQL database, object storage, email infrastructure, Coolify control plane.

Region: Germany (Falkenstein, Nuremberg, Berlin)

Media Trooper GmbH (Trooper.ai)

2025-11

GPU compute for transient speech recognition and LLM inference. No persistent customer data is stored at this layer.

Region: Germany + Netherlands

Mollie B.V.

2025-12

Payment processing for EU customers (iDEAL, SEPA, credit card).

Region: Netherlands

PayPal (Europe) S.à r.l. et Cie, S.C.A.

2025-12

Payment processing for customers worldwide who use PayPal.

Region: Luxembourg

Brevo (Sendinblue)

2025-09

Transactional email delivery — sign-in links, receipts, security alerts, Trust Center magic links.

Region: France

Haufe-Lexware GmbH & Co. KG (LexOffice)

2025-12

Invoice generation and bookkeeping records as required by German tax law (§ 147 AO).

Region: Germany

Notes

All processors are established in the EU/EEA. No customer data is transferred to third countries.
The list is identical to Annex B of the Data Processing Agreement (DPA). The DPA is the contractually binding source.
Changes are communicated in writing with at least 30 days' notice, allowing customers to object or terminate.

Request access to read the full content

Sprecho's Trust Center is open for procurement teams, security reviewers and customers. Submit your corporate email and we'll grant access — usually within minutes for verified domains.

Frequently asked

The five questions every procurement reviewer asks first. The full DPA and ISMS policies are one corporate-email request away.

Is Sprecho's environment multi-tenant?+
Yes. Logical isolation is enforced at the database (tenant scoping via team_id / user_id), API (authentication plus authorization checks on every FastAPI route; admins cannot read other members' transcripts), storage (files keyed by tenant + user; authenticated download endpoint), and inference (tenant-aware queues; no cross-tenant batching) layers. Dedicated single-tenant deployments are available on request for Enterprise customers.
What telemetry does the Sprecho client app collect?+
Operational telemetry only — no dictation content. Collected: application performance metrics (latency, error rates, vLLM fallback usage), feature usage events (which features activated, how often — never dictation content), crash reports (via Sentry, sanitised to strip sensitive context), auth events (login, MFA, password reset) for security monitoring. Never collected: dictation text or audio, browsing history, file contents, screen captures, contact lists, IDFA / advertising identifiers.
Which platforms does Sprecho support?+
macOS (primary desktop, Tauri-built), Windows (Tauri-built, signed with Azure Trusted Signing), iOS (React Native, in TestFlight; App Store submission pending), Android (React Native), web admin portal at admin.sprecho.ai for organization configuration, enterprise dashboard at enterprise.sprecho.ai for multi-seat licence management.
How many languages does Sprecho support?+
100+, with German as the highest-quality target. The Whisper model supports 100+ languages for transcription. Quality varies by language; German has the highest accuracy because the Sprecho SFT model is specifically tuned for German formatting (punctuation, paragraphing, capitalization, command-mode triggers). English second-strongest. Portuguese (PT and PT-BR) supported. Quality on minority languages can be evaluated during trial.
What macOS permissions does the desktop app require?+
Microphone (mandatory, capture audio for dictation), Accessibility (used only for context inspection — reading the focused element or surrounding text to improve AI formatting accuracy; not used for text insertion, which uses clipboard plus simulated paste), Screen Recording (optional, only if the window-aware context feature is enabled), Automation (optional, specific apps only, for the per-app-tuning feature). All permissions are explained at first launch with clear opt-out paths; they can be revoked anytime in macOS System Settings → Privacy & Security.

Security, privacy and compliance you can read

At a glance

Browse the documentation

Sub-processors

AI & models

Access control

Infrastructure

Data security

Data privacy

Product security

Application security

Endpoint security

Network security

ESG & ethics

Risk profile

Legal

Reports & audits

Certifications

Request access to read the full content

Frequently asked