Security at NaturalTTS
How we protect your data, who has access, and what we do to stay accountable.
Hosting and infrastructure
NaturalTTS runs on Vercel (frontend and API) with a PostgreSQL database hosted on Neon. Audio files and uploaded documents are stored on Cloudflare R2 with EU data residency available. All infrastructure providers maintain SOC 2 Type II compliance.
Encryption in transit and at rest
All traffic is encrypted in transit over HTTPS using TLS 1.2 or later. HSTS is enabled with a max-age of two years and the preload directive. Data at rest in Neon (PostgreSQL) and Cloudflare R2 is encrypted with AES-256 by the storage provider.
Authentication
User sessions use JSON Web Tokens (JWT) signed with a server-side secret. OAuth via Google is available for single-click login. Enterprise plans support SAML 2.0 and OIDC for institutional single sign-on. Passwords are hashed with bcrypt (cost factor 10).
Data retention
User-generated audio files and uploaded documents are retained for the duration of the active subscription. Users can request data export (GDPR Art. 15/20) or account deletion at any time from their account settings. Specific retention schedules are being formalized and will be published here.
Subprocessors
NaturalTTS uses the following third-party services to deliver the product:
| Provider | Purpose |
|---|---|
| Vercel | Application hosting, edge functions |
| Neon | PostgreSQL database |
| Cloudflare R2 | Object storage (audio, documents) |
| FastSpring | Payment processing, Merchant of Record |
| Resend | Transactional email delivery |
| TTS providers | Voice synthesis (standard and premium engines) |
Compliance
NaturalTTS is designed with GDPR and CCPA principles in mind. We provide data export, account deletion, and consent management as standard features. For US education institutions, the platform is built to support FERPA-relevant use cases — we do not claim FERPA certification (FERPA does not certify vendors), but we offer Data Processing Agreement documentation on request for enterprise customers.
Report a security issue
If you discover a security vulnerability, please email contact@naturaltts.org with "Security" in the subject line. We will acknowledge your report within one business day.
Last reviewed: 2026-04-17