Our Commitment to Security

Your privacy is paramount. Learn how Summra protects your data.

End-to-End Encryption (E2EE) for Transcription

Summra employs a robust E2EE architecture, ensuring that only your device can decrypt and view data. The server never has access to private decryption keys or plaintext user data.

  • Client-Side Audio Encryption: Audio is encrypted on your device before upload using a random symmetric key (K_audio) with AES-GCM.
  • Secure Key Transmission: K_audio is encrypted with the server's public key (Pub_server) for secure transmission. The server decrypts K_audio using its private key only in a temporary, secure, and isolated environment (e.g., enclave or isolated VM) for transcription.
  • Secure Transcript Return: After transcription, a new symmetric key (K_transcript) is generated. The transcript is encrypted with K_transcript. Then, K_transcript is encrypted with your client device's public key (Pub_device) and sent back with the encrypted transcript.
  • Zero Server Access to Plaintext: The server transcribes audio within a temporary, isolated environment and cannot access plaintext audio or transcripts outside this process. Summra servers never store, access, or derive user secrets. Temporary compute environments are securely destroyed after each use.

Multi-Device E2EE Sync

Access your E2EE transcripts securely across multiple devices. Summra's multi-device architecture is inspired by secure systems like WhatsApp and does not rely on master passwords for syncing.

  • Independent Device Keys: Each device independently generates a long-term E2EE key pair (consisting of a private key Priv_device and a public key Pub_device). The private key is stored locally in a secure enclave or device keystore and never leaves the device. Public keys are shared with the server for routing.
  • Secure Device Linking: A new device generates its key pair. An existing, authenticated device retrieves the new device's public key, encrypts the local transcript vault with it, and sends it. The new device decrypts the vault using its private key.
  • Transcript Sharing: Encrypted transcripts are re-encrypted for each device or shared using a symmetric key securely transmitted during device linking, ensuring each device has independent access.
  • Zero-Trust Server Design: Summra servers never store or see unencrypted content. All pairing, key exchanges, and transcript syncs are cryptographically signed and verified.

Our Core Security Principles

User-Centric Control

You, and only you, control access to your data. Your device's private key (Priv_device) never leaves your device, and our architecture is master-password-free.

Zero Knowledge Architecture

Our servers are designed with a zero-trust model. We cannot access your unencrypted transcripts or private decryption keys. Summra servers never store, access, or derive user secrets.

Robust Encryption Standards

We utilize strong, modern encryption algorithms like AES-GCM for data protection. Audio is encrypted with AES-GCM on the client side.

Security FAQs

How is my audio data protected during transcription?

Your audio is encrypted on your device using a unique, per-job symmetric key (K_audio) with AES-GCM. This K_audio is then encrypted with the server's public key (Pub_server) for transmission. The server decrypts K_audio using its private key only within a temporary, secure, isolated environment (e.g., enclave or VM) to decrypt the audio and perform transcription. After transcription, a new symmetric key (K_transcript) is generated. The transcript is encrypted with this K_transcript, and then K_transcript itself is encrypted with your device's public key (Pub_device) before being sent back to you. K_audio is ephemeral and not reused for transcript encryption. The temporary compute environment is securely destroyed after use.

What happens if I lose a device?

With Summra's multi-device architecture, you can maintain access to your encrypted transcripts from your other linked devices. You can revoke access for lost or stolen devices. Additionally, you have the option to export your encrypted vault, protected with a strong password you choose, for backup and recovery in case all linked devices are lost.

Does Summra store my device's private key?

No. Summra never stores or has access to your device's private key (Priv_device). Your private key is stored locally on your device, ideally in a secure enclave or device keystore, and never leaves your device. It's used locally to decrypt data intended for that device.

How are new devices added securely?

When adding a new device, it generates its own E2EE key pair (Priv_device_new, Pub_device_new). An existing, authenticated device (e.g., your desktop) authenticates the new device (e.g., via QR code scan) and retrieves its Pub_device_new. The existing device then encrypts your local transcript vault using Pub_device_new and transmits it to the new device. The new device decrypts this vault using its Priv_device_new, gaining access to your transcripts without needing a master password.

Can Summra staff access my transcripts?

No. Due to Summra’s end-to-end encryption and zero-trust server design, our staff cannot access your unencrypted transcripts or your private decryption keys. Only your authenticated devices can decrypt and view your data. Summra servers never store or see unencrypted content, and all temporary compute environments used for transcription are securely destroyed after each use.