Plaud has data centers in the following regions: US AWS-West, EU AWS (Frankfurt), Japan AWS, and Singapore AWS. Users outside these regions will have their data processed in the nearest available region by Plaud.

When it comes to the LLMs Plaud uses (GPT, Claude, and Gemini), users in Europe will have EU-hosted, enterprise-grade subprocessors, and the rest of the world will rely on US-hosted LLMs.

All data is transferred to the cloud for processing. However, audio and transcription data are not stored in the cloud unless the Cloud Sync feature is enabled by the user. If cloud sync is disabled, all associated data will be deleted from the cloud once it is transferred back to the phone.

All data is transferred to the cloud for processing. However, audio and transcription data are not stored in the cloud unless the Cloud Sync feature is enabled by the user. If cloud sync is disabled, all associated data will be deleted from the cloud once it is transferred back to the phone.

Plaud does not train on users’ data by default, unless users opt-in manually in their settings.

With regards to Plaud’s subprocessors uses enterprise APIs with a zero data retention policy, meaning API providers do not store or reuse customer data for training. These restrictions are explicitly stipulated in our contracts and Data Processing Agreements with all sub-processors, prohibiting any use of customer data for model training beyond the agreed purposes.

In Transit: All data is encrypted using HTTPS/TLS 1.2 or above.

At Rest: Data is encrypted using AES-256.

At this time, Plaud provides a multi-region cloud-hosted solution that meets the strictest global security & compliance standards, including GDPR, ISO 27001, ISO 27701, SOC2 Type 2, HIPAA and EN 18031.

For transcription, Plaud uses multiple enterprise-grade models for transcription, including proprietary fine-tuned models, to ensure state-of-the-art accuracy. User data is not used for training these models, unless explictly opted in.

1. Recordings will be deleted from the device once they are transferred to user’s mobile phone via the Plaud app.
2. Only the Plaud account that the device has binded to can access and decrypt the data.
So if users lose their device, no one but the binded account has access to data. Users can also unbind the device remotely with Plaud Support. Data would be deleted from the lost device after the device is unbinded.

By default, users must manually label speakers for each recording, and Plaud does not recognize labeled speakers across recordings. However, users can enable auto-speaker labeling, which attempts to label speakers across recordings using a similarity search mechanism (not biometric profiles). If cloud sync is enabled, users can opt-in to sync these labels across Plaud Web and Mobile. No personally identifiable information can be gathered from speaker labels.

We retain users’ data only for as long as it is necessary to fulfill the purposes described in the Privacy Policy, primarily to provide our services. Most of data is associated with the user account and is kept for as long as the account remains active. When user deactivates the account, we will take steps to delete or anonymize this data in accordance with applicable laws.

Plaud personnel do not routinely access users’ data. Access may occur only in limited, controlled scenarios, such as:

• When a user explicitly requests technical support that requires investigation of specific data
• When necessary to diagnose system errors or security incidents
• When required to comply with applicable laws or valid legal processes

Any such access is restricted to authorized personnel, subject to role-based access controls, logging, and internal approval processes. Access is performed only from secured production environments and in accordance with Plaud’s security and confidentiality policies.

Plaud’s DPA with Standard Contractual Clauses (SCCs) is automatically incorporated into our Commercial Terms of Service, and can be viewed here. When you accept Plaud Commercial Terms of Service, you also accept our DPA.