// Trust & Security Report
Auphonic GmbH
AI-powered automated audio post-production platform for podcasts, education, video, audiobooks, and broadcast. Includes web UI, API, CLI, and white-label integrations.
Certifications held
2
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on auphonic.com“Auphonic is compliant with the General Data Protection Regulation of the European Union and applies this standard to all customers worldwide, not just EU customers.”
Verify on auphonic.com“Auphonic provides Data Processing Agreements to paying customers who process personal data of third parties on request.”
> Show 5 unconfirmed / not-held certifications
source: auphonic.comNo public evidence of SOC 2 Type 1 certification found on vendor domain or security documentation.
source: auphonic.comNo public evidence of SOC 2 Type 2 certification found on vendor domain or security documentation.
source: auphonic.comNo public evidence of ISO 27001 certification found on vendor domain or security documentation.
source: auphonic.comNo public evidence of HIPAA certification or compliance. Service terms make clear this is not a healthcare-specific product.
source: auphonic.comNo public evidence of PCI DSS certification found on vendor domain or security documentation.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
Germany (Hetzner primary, Cloudflare R2 secondary). EU users get EU-restricted or Germany storage; non-EU users stored in EU or near-location buckets.
Auphonic uses selected customer audio/video content to improve its algorithms. Employees may access and listen to content for algorithm development and improvement purposes. No opt-out mechanism mentioned in policy.
// Security controls
Data Storage Location
Primary: Germany (Hetzner). Secondary: Cloudflare R2 (EU-restricted for EU users).
auphonic.comEncryption
No specific encryption protocols detailed in public documentation. Policy states Auphonic 'takes all measures reasonably necessary to protect against unauthorized access.'
auphonic.comTwo-Factor Authentication
Optional 2FA available; added September 2025. Helps ensure only trusted people can access projects and connected services.
auphonic.comData Retention - Algorithm Training Data
Selected audio/video excerpts may be stored indefinitely for algorithm improvement.
auphonic.comBackup Policy
Auphonic explicitly states it is NOT a data storage or backup service and does not backup customer content.
auphonic.comThird-Party Data Sharing
Content not shared with third parties without explicit permission. Only aggregated statistical data disclosed.
auphonic.com// Products & data scope
data: Audio and video files, metadata, production settings, user-generated content
Main product serving podcasters, educators, content creators, and broadcasters. Includes noise reduction, leveling, filtering, speech-to-text, multitrack processing.
data: Same as web platform plus authentication tokens for external service integrations
Programmatic access for developers; supports productions creation, management, and automation.
data: Local audio/video files, API credentials
Command-line interface launched March 2026 for integration into workflows. Local processing with remote uploads.
data: Custom algorithms, custom pricing, embedded in third-party products
Allows direct integration into digital audio workstations, content distribution platforms, and other audio products.
// What to watch
- No formal security certifications (SOC 2, ISO 27001) despite 13 years in operation and 2M+ user base. Indicates growth-stage maturity without enterprise-grade compliance infrastructure.
- Customer content used for algorithm improvement with employee access. No opt-out mechanism documented. May be concern for sensitive audio content or proprietary training material.
- Security practices described only in vague terms ('all measures reasonably necessary'). No detail on encryption standards, key management, or intrusion detection.
- Aggressive data deletion (7-21 days) means this is NOT suitable as a backup service or for long-term archival.
- Service explicitly disclaims liability for 'loss or corruption of data.' Combined with no backup policy, customers should not rely on Auphonic as their only copy of content.
- DPA only offered to paying customers 'on request' — not automated or guaranteed, potentially limiting use by enterprises processing third-party personal data.
// At a glance
Pricing model
Freemium (2 hours/month free) plus paid tier subscriptions with monthly hour allowances
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Auphonic GmbH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
auphonic.com