Executives rehearse sensitive, often unreleased messaging on MediaTraining.AI. We treat that data accordingly — kept in the EU, encrypted, and strictly isolated per organization.
Your data lives in the European Union — our database, authentication and file storage run in Supabase's eu-west-1 (Ireland) region. It isn't relocated outside the EU.
Every connection to the platform is encrypted with TLS, and your data is encrypted at rest on managed, audited infrastructure.
Row-Level Security (RLS) is enforced on every table in the database. A company or agency can only ever read its own data — isolation is enforced at the data layer, not just the UI.
In video mode, facial analysis runs entirely in the executive's browser (MediaPipe). Only the derived metrics are saved — the video itself is never sent to an AI provider for analysis.
We use AI providers through their API tier, where prompts, transcripts and documents are not used to train their models. Your messaging stays yours.
Subscriptions and payments are handled entirely by Stripe (PCI DSS Level 1). Card numbers never touch our servers.
Authentication is handled by Supabase Auth. Service-role access is server-side only and gated by ownership checks; sensitive operations are verified per request.
A clear view of each type of data — where it's processed and where it rests. Everything we store is encrypted and kept in the EU.
| Data | Processed | Stored | Region |
|---|---|---|---|
| Facial analysis | On your device | Derived metrics only | — (browser) |
| Live voice | OpenAI (API) | Transcript only | US → EU |
| Video / audio recording | Your browser | Supabase Storage | EU (Ireland) |
| Account, projects, reports | Supabase | Supabase | EU (Ireland) |
We build on industry-leading providers so your data sits on audited, certified infrastructure. The certifications below belong to these providers.
- Supabase: Database, auth, storage (EU)
- Vercel: Application hosting
- OpenAI: AI interviews & reports (API)
- Stripe: Payments
- Resend: Transactional email
- Cloudflare: Video storage (optional)
- Calendar & Meet integration (optional)
- Recall.ai: Live-meeting transport (when enabled)
GDPR & LGPD. We are built for European (GDPR) and Brazilian (LGPD) privacy expectations: EU data residency, a clear Privacy Policy, and self-service data rights.
Access & erasure. From your account Settings you can export all of your data as a file, or permanently delete your account and its data at any time.
We don't currently hold our own SOC 2 / ISO 27001 / HIPAA certifications — those shown above belong to our infrastructure providers. If your organization requires a specific certification or a signed DPA, get in touch.
Last reviewed: June 2026