// Trust & Security Report

    Auphonic GmbH logo

    Auphonic GmbH

    AI-powered automated audio post-production platform for podcasts, education, video, audiobooks, and broadcast. Includes web UI, API, CLI, and white-label integrations.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    Auphonic is compliant with the General Data Protection Regulation of the European Union and applies this standard to all customers worldwide, not just EU customers.

    Verify on auphonic.com
    Data Processing Agreement
    HELD

    Auphonic provides Data Processing Agreements to paying customers who process personal data of third parties on request.

    Verify on auphonic.com
    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    No public evidence of SOC 2 Type 1 certification found on vendor domain or security documentation.

    source: auphonic.com
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence of SOC 2 Type 2 certification found on vendor domain or security documentation.

    source: auphonic.com
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on vendor domain or security documentation.

    source: auphonic.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification or compliance. Service terms make clear this is not a healthcare-specific product.

    source: auphonic.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on vendor domain or security documentation.

    source: auphonic.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Germany (Hetzner primary, Cloudflare R2 secondary). EU users get EU-restricted or Germany storage; non-EU users stored in EU or near-location buckets.

    Auphonic uses selected customer audio/video content to improve its algorithms. Employees may access and listen to content for algorithm development and improvement purposes. No opt-out mechanism mentioned in policy.

    // Security controls

    Data Storage Location

    Primary: Germany (Hetzner). Secondary: Cloudflare R2 (EU-restricted for EU users).

    auphonic.com

    Encryption

    No specific encryption protocols detailed in public documentation. Policy states Auphonic 'takes all measures reasonably necessary to protect against unauthorized access.'

    auphonic.com

    Two-Factor Authentication

    Optional 2FA available; added September 2025. Helps ensure only trusted people can access projects and connected services.

    auphonic.com

    Data Retention - Audio Productions

    Deleted after 21 days.

    auphonic.com

    Data Retention - Video Productions

    Deleted after 7 days.

    auphonic.com

    Data Retention - Billing Metadata

    Retained indefinitely in internal accounting systems.

    auphonic.com

    Data Retention - Algorithm Training Data

    Selected audio/video excerpts may be stored indefinitely for algorithm improvement.

    auphonic.com

    Backup Policy

    Auphonic explicitly states it is NOT a data storage or backup service and does not backup customer content.

    auphonic.com

    Third-Party Data Sharing

    Content not shared with third parties without explicit permission. Only aggregated statistical data disclosed.

    auphonic.com

    // Products & data scope

    Auphonic Web PlatformAudio/Video Post-Production

    data: Audio and video files, metadata, production settings, user-generated content

    Main product serving podcasters, educators, content creators, and broadcasters. Includes noise reduction, leveling, filtering, speech-to-text, multitrack processing.

    Auphonic APIDeveloper Integration

    data: Same as web platform plus authentication tokens for external service integrations

    Programmatic access for developers; supports productions creation, management, and automation.

    Auphonic CLIDeveloper Integration

    data: Local audio/video files, API credentials

    Command-line interface launched March 2026 for integration into workflows. Local processing with remote uploads.

    White-Label APIIntegration / Customization

    data: Custom algorithms, custom pricing, embedded in third-party products

    Allows direct integration into digital audio workstations, content distribution platforms, and other audio products.

    // What to watch

    • No formal security certifications (SOC 2, ISO 27001) despite 13 years in operation and 2M+ user base. Indicates growth-stage maturity without enterprise-grade compliance infrastructure.
    • Customer content used for algorithm improvement with employee access. No opt-out mechanism documented. May be concern for sensitive audio content or proprietary training material.
    • Security practices described only in vague terms ('all measures reasonably necessary'). No detail on encryption standards, key management, or intrusion detection.
    • Aggressive data deletion (7-21 days) means this is NOT suitable as a backup service or for long-term archival.
    • Service explicitly disclaims liability for 'loss or corruption of data.' Combined with no backup policy, customers should not rely on Auphonic as their only copy of content.
    • DPA only offered to paying customers 'on request' — not automated or guaranteed, potentially limiting use by enterprises processing third-party personal data.

    // At a glance

    Pricing model

    Freemium (2 hours/month free) plus paid tier subscriptions with monthly hour allowances

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Auphonic GmbH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    auphonic.com

    > Browse all vendor trust reports