Security
Speakr is built for trust. Here's how we handle your voices, scripts, and audio.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest in Cloudflare R2 and Supabase Postgres. No customer audio is ever stored unencrypted.
Mandatory consent for cloning
Every cloned voice requires an audible consent recording, transcribed and fuzzy-matched against the required statement before the voice becomes usable.
Row-level security
Postgres RLS ensures users can only ever see their own voices, generations, and usage data. Service-role access is restricted to webhook handlers and admin tasks.
Isolated GPU workers
Inference runs on ephemeral RunPod Serverless workers. Workers are reset between jobs — no customer audio is persisted on the GPU node.
Signed audio URLs
All audio downloads use short-lived signed URLs (1 hour by default). Sharing a URL with a third party expires it automatically.
No training on your data
We never use customer voice samples or generated audio to train our underlying models. Your data trains nothing.
Report a vulnerability: security@flexifunnels.com. We acknowledge reports within 24 hours.