Security and privacy, built into the architecture.
Shuli is designed for regulated, client-facing professionals — with encryption, access controls, and auditability at every layer.
How Shuli protects your data
Security at every step of the data lifecycle — from meeting capture to encrypted storage.
Meeting capture
- Meetings transcribed via secure third-party providers
- Raw recordings deleted automatically after processing
Secure processing
- Transcripts summarized using controlled AI pipelines
- Personal and irrelevant information excluded by design
Encrypted storage
- Summaries encrypted at application layer (AES-256-GCM)
- Encryption keys managed via AWS KMS
- Row-level access controls in database
Controlled access
- Role-based permissions and row-level security
- Every access logged for auditability
Meeting capture
- Meetings transcribed via secure third-party providers
- Raw recordings deleted automatically after processing
Secure processing
- Transcripts summarized using controlled AI pipelines
- Personal and irrelevant information excluded by design
Encrypted storage
- Summaries encrypted at application layer (AES-256-GCM)
- Encryption keys managed via AWS KMS
- Row-level access controls in database
Controlled access
- Role-based permissions and row-level security
- Every access logged for auditability
Security controls
Technical controls designed to protect your data and meet enterprise requirements.
Encryption in transit
All data transmitted between your devices and our servers is protected with modern encryption protocols.
- TLS 1.3 for all connections
- Certificate pinning where applicable
- No plaintext data in transit
Encryption at rest
Your meeting summaries are encrypted at the application layer before being stored in our database.
- AES-256-GCM encryption
- Keys managed via AWS KMS
- No plaintext in database
Access controls
Multi-layered access controls ensure only authorized users can access their own data.
- Role-based access (RBAC)
- Row-level security (RLS)
- Scoped API tokens
Audit logging
Every access and action is logged to support compliance and security reviews.
- Immutable audit logs
- Access event tracking
- Available for compliance review
SSO & SAML
Teams plan supports single sign-on integration with your identity provider.
- SAML 2.0 support
- Centralized authentication
- Enforce your security policies
Infrastructure security
Hosted on industry-leading cloud infrastructure with enterprise-grade protections.
- AWS infrastructure
- Regular security patching
- Network isolation
Only store what matters
Data minimization is at the core of our approach. We don't keep what we don't need.
Raw recordings and transcripts are automatically deleted after processing
Customers control how long summaries are retained
Data can be deleted instantly on request
We do not retain unnecessary personal information
SOC 2 alignment
We've designed Shuli to meet enterprise compliance requirements from day one.
SOC 2 Trust Principles
Shuli is designed around the core SOC 2 trust principles that matter most to regulated industries:
Security
Protecting against unauthorized access
Availability
System uptime and reliability
Confidentiality
Data access restricted to authorized parties
Working toward SOC 2 Type II
We are actively working toward SOC 2 Type II certification and have built our systems to align with SOC 2 requirements from the start.
Controls in place
- Encryption with managed keys (AWS KMS)
- Access logging and monitoring
- Least-privilege access policies
- Incident response procedures
Questions about security or compliance?
Our team is happy to review our security practices, share documentation, or speak with your compliance team.