// Trust & Security Report
Happy Scribe Limited
AI transcription, meeting notes, subtitles, and translation platform
Certifications held
2
Maturity
Growth
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on happyscribe.com“We are SOC 2 Type 2 certified. SOC 2 is a widely recognized security compliance certification that demonstrates our commitment to security and privacy.”
Verify on help.happyscribe.com“Happy Scribe is fully compliant with the General Data Protection Regulation (GDPR). We handle your data in a responsible and transparent manner, adhering to the principles outlined in GDPR.”
> Show 9 unconfirmed / not-held certifications
source: happyscribe.comNo public evidence that Happy Scribe Limited itself holds ISO 27001. The home page states 'ISO 27001 data centres' and the security page refers to 'ISO 27001 compliant facility' - both describing the third-party data center host, not Happy Scribe as the certified entity.
source: help.happyscribe.comWhile HappyScribe is not HIPAA compliant, we assure you that we are fully dedicated to GDPR compliance and maintaining the security and privacy of your data.
source: help.happyscribe.comNo public evidence that Happy Scribe Limited holds PCI DSS certification. The GDPR help article refers to the data center facility maintaining PCI DSS certification, not Happy Scribe itself.
source: trust.happyscribe.comNo public evidence found of ISO 27017 certification for Happy Scribe Limited.
source: trust.happyscribe.comNo public evidence found of ISO 27018 certification for Happy Scribe Limited.
source: trust.happyscribe.comNo public evidence found of ISO 27701 certification for Happy Scribe Limited.
source: trust.happyscribe.comNo public evidence found of ISO/IEC 42001 AI management system certification for Happy Scribe Limited.
source: trust.happyscribe.comNo public evidence found of CSA STAR certification or registry listing for Happy Scribe Limited.
source: trust.happyscribe.comNo public evidence found of FedRAMP authorization. Happy Scribe is a European company focused on GDPR, not US federal compliance frameworks.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
EU (data center located in the European Union; EU data residency included as standard, not a paid add-on)
Happy Scribe trains on customer-uploaded content by default. The privacy policy states: 'We will be able to store the Content for training our machine learning algorithms. This will allow us to continuously improve the quality of our service for you. All personal data in the Content that we stored will be anonymised.' The terms of service confirm this extends to 'training and maintaining...ASR speech-to-text models.' An opt-out mechanism is available via account settings or by contacting support. The legal basis cited is 'legitimate interests' which may be challenged under GDPR. Enterprise users should confirm opt-out is active. DPA available on request per the enterprise page: 'can provide a Data Processing Agreement (DPA) and a current list of sub-processors on request.'
// Security controls
Encryption in transit
TLS (Transport Layer Security) - 'All data sent to or from our infrastructure is encrypted in transit via industry best-practices using Transport Layer Security (TLS)'
happyscribe.comEncryption at rest
AES-256 - 'All our user data is encrypted using battled-proofed encryption algorithms' with 'AES-256 block-level storage encryption'
happyscribe.comData center
EU-based Tier IV facility with ISO 27001, PCI DSS certifications; 24/7 physical security with guards, CCTV, and electronic access control
happyscribe.comInfrastructure
AWS and Heroku (Salesforce/Ireland); network protections include VPC, VPN, firewall, and IDS/IPS
happyscribe.comApplication security testing
Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and annual penetration testing (2025 pentest listed in trust center resources)
happyscribe.comAccess controls
Role-based access control, SSO support, unique account authentication enforced; encryption key access restricted
trust.happyscribe.comBusiness continuity
Continuity and Disaster Recovery plans established and tested; cybersecurity insurance maintained
trust.happyscribe.comSubprocessors
Cloudflare Inc. (EU), Salesforce/Heroku (Ireland), DeepL SE (Germany), Slack Technologies (US with SCCs)
trust.happyscribe.com// Products & data scope
data: Audio/video files uploaded by user; processed for transcription and potentially used for ML training (opt-out available)
Up to 99% accuracy on clear audio; supports 150+ languages; exports to DOCX, PDF, TXT, SRT, VTT
data: Live meeting audio from Google Meet, Microsoft Teams, Zoom; meeting transcripts, summaries, and action items
Bot joins via calendar integration; generates smart summaries, highlights, and action items; supports 150+ languages
data: Audio/video files uploaded by user; handled by professional linguists
99%+ guaranteed accuracy; higher sensitivity for data handling via human reviewers
data: Video/audio content processed for subtitle creation and translation
AI + human options; supports 150+ languages; DeepL SE used for AI translation (Germany-based subprocessor)
data: Programmatic audio/video submission; same data handling policies apply
Allows integration of transcription into third-party workflows
// What to watch
- AI TRAINING DEFAULT-ON: Customer-uploaded content is used to train ML models by default. Opt-out is available via account settings or support contact but is not prominently surfaced at upload time.
- ISO 27001 OVERCLAIM RISK: The homepage and security page reference 'ISO 27001 data centres' and 'ISO 27001 compliant facility' - this is the hosting facility's cert, not Happy Scribe Limited's own ISO 27001 certification. Happy Scribe itself does not hold ISO 27001.
- HIPAA NOT SUPPORTED: Explicitly stated - 'HappyScribe is not HIPAA compliant'. Not suitable for processing US healthcare PHI.
- DPA ON REQUEST ONLY: Data Processing Agreement is not self-serve; must be requested from the enterprise sales team.
- LEGITIMATE INTERESTS FOR ML TRAINING: Privacy policy cites 'legitimate interests' as the GDPR legal basis for ML training on customer content - this basis is weaker than consent and may not hold for all enterprise use cases.
- HUMAN TRANSCRIPTION EXPOSURE: The human transcription service routes audio through professional linguists, creating additional data handling exposure that may require explicit contractual coverage.
- BRIDGE LETTER IN TRUST CENTER: The trust center lists a 'Happy Scribe Limited Bridge Letter' alongside the SOC 2 Type II report, suggesting the current audit cycle may have a gap covered by a bridge letter rather than a fresh full report.
// At a glance
Pricing model
Freemium (limited free tier) + pay-per-minute credits + subscription plans; enterprise pricing custom-quoted
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Happy Scribe Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.happyscribe.com