Skip to main content
Data protection

Voice is intimate.
We keep it in the EU.

HeySpeak runs on a 100% EU-hosted stack. Every claim on this page is backed by code, not marketing.

Start collecting voice feedback
No US data transfer for your voice notes

The short answer

HeySpeak stores every voice recording in a private EU bucket and serves it only through signed URLs that expire in 1 hour. The full stack (hosting, database, AI transcription, email, analytics) runs on European infrastructure. Free recordings auto-delete after 90 days. Recipients leave a voice note without any account, cookie, or IP log.
100%
EU-hosted infrastructure across hosting, DB, storage, AI, email, analytics
1 hour
Signed playback URL expiry. Links cannot be shared beyond that window.
90 days
Automatic deletion of recordings on the free plan, by daily cron.

Where your data lives

Made in EU

Every layer of HeySpeak that touches customer data sits inside the EU. We picked each provider for one reason: voice feedback shouldn't have to cross the Atlantic to be useful.

LayerProviderRegion
HostingVercelFrankfurt (fra1)
Database and authSupabaseZurich, Switzerland
Audio storageCloudflare R2EU jurisdiction
Transcription and AI summaryMistral AI (Voxtral)France
EmailBrevoFrance
AnalyticsPostHog (reverse proxy)EU Cloud

How recordings are protected

  • Private bucket. Audio lives in a private Cloudflare R2 bucket. There are no public URLs, ever.
  • Signed URLs expire in 1 hour. Playback links are time-limited and cannot be shared beyond that window.
  • Access gated by RLS. Before any signed URL is issued, Supabase Row-Level Security verifies the requester owns the link the recording belongs to.
  • Random file keys. Each recording is stored under a UUID, never under a user-identifying path.
  • Strict upload limits. Audio MIME types only, 50 MB cap.
  • Encryption. In transit via HTTPS, at rest via R2's default server-side encryption.

Recipients stay anonymous by default

  • No account or sign-up needed to leave a voice note.
  • No tracking cookies and no third-party analytics on the receiver page.
  • IP addresses are never written to the database. They live only in memory, transiently, for rate-limiting.
  • If a recipient enters their email, it is stored solely to send a confirmation and notify the sender. Nothing else.
  • Coarse context (browser, OS, language, country code, referrer hostname) is captured to help the sender judge the response. No full URLs. No cross-site tracking.

Your control over your data

  • Free plan retention: recordings auto-delete 90 days after submission.
  • Paid plan retention: recordings stay until you delete them or close your account.
  • Account deletion: available from your dashboard. Database records are removed immediately. Stored audio files are cleared within 30 days.
  • Data export: on request via hello@heyspeak.io. We respond within 30 days.

Engineering hygiene

  • All API keys live in encrypted secret stores (Vercel, Supabase). None are checked into source code.
  • The NEXT_PUBLIC_ prefix is reserved for non-sensitive browser values only (Supabase URL, anon key, public PostHog key).
  • Sessions are managed via server-side cookies. No tokens are stored in browser localStorage.
  • A daily cron runs the retention cleanup. Logs are kept for auditability.

Subprocessors

The full list of services that process customer data on our behalf. All have signed Data Processing Agreements.

ServiceRoleRegionNotes
VercelHosting and serverless functionsFrankfurt (fra1)EU region pinned
SupabaseDatabase and authenticationZurich, SwitzerlandRow-Level Security on every table
Cloudflare R2Audio file storageEU jurisdictionPrivate bucket, no public URLs
Mistral AIVoice transcription (Voxtral) and AI summariesFranceNo training on API data
BrevoTransactional emailFrance (EU)Receiver confirmations, sender notifications
PostHogProduct analyticsEU CloudRouted via reverse proxy
StripeSender paymentsIreland (EU entity), EU-US DPFCard data never touches our servers
GoogleOAuth sign-in for sendersEU-US Data Privacy FrameworkSign-in only

Our security roadmap

We grow our compliance posture in step with our customers' needs. Nothing here is promised by a date. It is the direction we are walking.

  • Same-second audio deletion on account close. Today, R2 audio is purged within 30 days. Next: the moment you click the button.
  • In-app GDPR data export. Replace the email workflow with a self-serve export from your dashboard.
  • Annual external penetration test. Once we have paid customers we will commission one and publish the summary.
  • ISO 27001. Becomes the right step the day an EU enterprise buyer requires it. We will not pursue it as a vanity certificate while we are still talking to our first customers.
  • SOC 2 Type II. Considered when we expand to US enterprise buyers.
  • Public uptime page. Lightweight status transparency for senders who depend on us.

Related reading

Compare

HeySpeak vs Typeform

Why an EU-hosted voice tool is a different posture than a US form builder, even when the form has a voice field.

Use case

Collect customer feedback in the EU

A practical playbook for getting voice feedback from customers without sending their words across the Atlantic.

Common questions

Where is HeySpeak hosted?
Every layer that touches your data sits inside the EU. Hosting runs on Vercel in Frankfurt. The database and authentication run on Supabase in Zurich. Audio files live on Cloudflare R2 with EU jurisdiction. Voice transcription and AI summaries are handled by Mistral AI in France. Email goes through Brevo (France) and analytics through PostHog EU Cloud, routed via a reverse proxy so no third-party domain ever loads in your recipient's browser.
Is HeySpeak GDPR compliant?
Yes. HeySpeak is built around GDPR principles by default. We collect the minimum data needed (Datensparsamkeit). Recipients of a magic link don't need an account, no IP addresses are persisted, no tracking cookies run on the receiver page, and every database table uses Supabase Row-Level Security. You can request access, export, or deletion of your data at any time at hello@heyspeak.io.
Is HeySpeak ISO 27001 certified?
Not today. ISO 27001 is on our roadmap, and we'll pursue it the day an EU enterprise customer requires it. We don't believe in collecting compliance badges before they map to real customer demand. In the meantime, the technical controls listed on this page (private storage, RLS, signed URLs, encrypted secrets, EU-only subprocessors) cover the substance of what an ISO audit looks for.
Where are voice recordings stored?
In a private Cloudflare R2 bucket inside the EU jurisdiction. Files are written under random UUIDs, never under user-identifying paths. The bucket has no public URLs. To play a recording, the sender's browser receives a signed URL that expires after 1 hour. Before any URL is issued, Supabase Row-Level Security verifies the requester actually owns the link the recording belongs to.
How long does HeySpeak keep my recordings?
On the free plan, recordings are automatically deleted 90 days after they were submitted. A daily cron job handles the cleanup. On paid plans, recordings stay until you delete them or close your account. When you close your account, database records are removed immediately and the corresponding audio files are cleared from R2 within 30 days.
Does HeySpeak use my voice data to train AI models?
No. Voice transcripts and recordings are never used to train or improve AI models. We use Mistral AI, which contractually guarantees no training on API data. We don't sell data to third parties and we don't share recordings outside the subprocessor list published on this page.

Voice feedback that stays in the EU.

Send a magic link. Get a voice note back. Every byte stays on European infrastructure. No US transfer for your voice notes.

Start collecting voice feedbackTalk to hello@heyspeak.io