Security & Trust
A practical summary of how Milago handles your meeting data. For the full legal terms see our Privacy Policy and Terms and Conditions.
A note on what this page is. The list below reflects the controls and practices we have in place today. Milago does not currently hold formal certifications such as SOC 2 or ISO 27001 — we'll publish those if and when we obtain them. Customers needing a named sub-processor list, signed Data Processing Agreement, or detailed security review can request one via support@milago.ai.
No model training
Customer content is not used to train general AI models
You own your data
Export or delete from product settings
Encrypted in transit
HTTPS / TLS for all traffic
Encryption in Transit
- ✓All traffic between users and the Service uses HTTPS / TLS.
- ✓Communications with third-party providers use secure endpoints where supported.
- ✓Passwords are stored in hashed form. We never store passwords in plain text.
Infrastructure
- ✓Hosted on managed cloud infrastructure with standard provider security controls.
- ✓Data at rest relies on the encryption and security controls provided by our infrastructure and storage providers.
- ✓Monitoring, telemetry, and error reporting in place to detect and respond to issues.
AI Processing
- ✓Customer Content is not used to train general or public AI models.
- ✓Our AI providers operate under commercial / API terms that restrict use of customer inputs for general model training.
- ✓Raw audio and video are not sent to large language model providers — only text transcripts and related metadata.
Data Isolation
- ✓Application-level access controls restrict each user / workspace to its own data.
- ✓Authenticated sessions and role-based permissions gate every request.
- ✓API key authentication with scoped permissions (read, write, admin).
Your Data, Your Rights
- ✓You retain ownership of the meeting content you create and provide.
- ✓Delete individual meetings, or your whole account, from product settings.
- ✓Active-system deletion is completed within 90 days of an account-deletion request, subject to limited legal retention.
Privacy & Compliance
- ✓Designed in line with India’s Digital Personal Data Protection Act, 2023.
- ✓Grievance Officer designated for India, named in the Privacy Policy.
- ✓Data subject requests — access, correction, deletion — honoured under applicable law.
Account Access
- ✓Sign in with email + password or supported single sign-on / OAuth providers.
- ✓Per-key scopes for the REST API and MCP integration so an issued key only does what it needs to.
- ✓Members must hold an active license to use paid features — expired or suspended licenses block access.
Application Security
- ✓Webhook signatures verified on inbound payment notifications.
- ✓Rate limiting on authentication and sensitive endpoints.
- ✓Input validation on API endpoints; audit logging on administrative actions.
Sub-processor categories
Milago relies on third-party providers to deliver the Service. The categories below describe the kinds of providers we use and what they do. A specific named list of providers (and the signed agreements we hold with each) is available to customers on request — see the Privacy Policy for how to ask.
| Category | Purpose | Customer data handling |
|---|---|---|
| AI processing | Generate summaries, action items, and insights from meeting transcripts | Not used for training |
| Speech-to-text | Convert meeting audio into transcripts and speaker labels | Not used for training |
| Meeting capture infrastructure | Help the meeting bot join supported meetings | Processed for the duration of the meeting |
| Cloud hosting & storage | Host the application, store databases and media files | Retained while your account is active |
| Payment processing | Process subscriptions, invoices, and refunds | Card details handled by the payment gateway; not stored on Milago systems |
| Transactional email | Send verification, billing, and notification emails | Minimal (delivery logs only) |
Security or compliance questions?
For vulnerability reports, sub-processor lists, security review responses, or a copy of our standard data processing terms:
support@milago.ai