Pondros← Back to home

Security

Last updated: June 24, 2026

We take the security of your meetings seriously. This page summarizes the practices we follow today. As an early-stage product, our program is evolving — if you spot an issue, please tell us (see below).

Data in transit & at rest

  • All traffic to our website and backend is encrypted over HTTPS/TLS.
  • Transcripts and notes stay on your device by default; only the segments and tasks you approve are synced to your workspace.
  • The meeting content we do store — transcripts, notes, and AI summaries — is encrypted at restin our database, so a leaked database row doesn't expose what was said.
  • App credentials (your workspace key, any transcription key) are stored encrypted in your operating system's keychain, never in plain text.

Access & isolation

  • Each workspace is isolated. New sign-ups get their own private workspace — we don't silently join you to anyone else's based on an unverified email.
  • Backend access to meeting endpoints is authenticated with a per-device key that is stored only as a hash on our servers, so a leaked database row can't be replayed.
  • Sensitive endpoints are rate-limited and usage-capped to limit abuse.

Code signing

The macOS app is signed with an Apple Developer ID and notarized by Apple, so your Mac can verify it hasn't been tampered with before it runs.

Vendors

We rely on reputable infrastructure and processing partners (Vercel, Fly.io, Supabase, Deepgram, Anthropic, Resend), each with its own security and data-protection commitments. See our Privacy Policy for the full list and what each one does.

Reporting a vulnerability

If you believe you've found a security issue, please email hey@pondros.comwith the details. We'll acknowledge your report and work with you on a fix. Please give us a reasonable chance to address it before any public disclosure.

Questions? Email hey@pondros.com. © 2026 Pondros.