Security

Your voice, your data, your keys.

We built VoiceMoat assuming creators will be paranoid, and rightly so. Here's exactly how we handle your data.

Our principles

Four commitments we won't walk back.

Your voice profile is yours alone.

We never use your posts, voice profile, or generated content to train shared models, improve other customers' experiences, or sell data to third parties. Your writing is yours.

Explicit, minimal data collection.

We only collect what we need to run the product: account details, your connected X/LinkedIn accounts, your voice profile training data, and your drafts. No tracking scripts sold to ad networks. No shadow profiles.

Encryption by default.

All data in transit uses TLS 1.3. Data at rest is encrypted via Supabase's managed Postgres (AES-256). Secrets and API keys are stored in Vercel's encrypted env store, never committed to the repo.

One-click data deletion.

Delete your account from Settings and your voice profiles, drafts, and analytics are hard-deleted within 30 days. Export is available before deletion if you want your data back.

Under the hood

The security stack, in public.

Hosting

Vercel (US / EU edge network)

Database

Supabase managed Postgres with RLS enforced per user

Auth

Supabase Auth with OAuth providers (X, LinkedIn, Google)

Error tracking

Sentry. PII scrubbed before transmission.

Analytics

Vercel Analytics. No third-party trackers.

Backups

Nightly encrypted Postgres snapshots, 30-day retention

Secrets

Managed via Vercel env vars with scoped rotation

Payments

Razorpay. We never store card details.

Responsible disclosure

Found a vulnerability?

→Contact: founder@voicemoat.com
→Response time: under 24 hours on weekdays, acknowledged within 72 hours on weekends
→Safe-harbor for researchers acting in good faith within the scope of this policy
→Public disclosure coordinated after fix + 30-day customer notification window

Email founder@voicemoat.com