A short summary; full details in our privacy policy.Documentation Index
Fetch the complete documentation index at: https://docs.trailercast.io/llms.txt
Use this file to discover all available pages before exploring further.
The basics
Tenant isolation
Strict separation between customers. Customer A’s transcripts never appear in Customer B’s prompts. Enforced at the database level (Postgres row-level security) and verified pre-launch.
Encryption
All data encrypted in transit (TLS) and at rest (Postgres + Cloudflare R2).
No fine-tuning of customer data
TrailerCast doesn’t fine-tune AI models on your data. We use foundation models from Anthropic; your data is input on a per-request basis under enterprise DPAs.
Audit logs
Every AI inference is logged with what was retrieved + who triggered it. 90-day retention, then auto-purged.
AI providers + data handling
| Provider | What we use it for | Data retention |
|---|---|---|
| Anthropic (Claude) | Reasoning, summarization, moment detection, Ask Winter | Enterprise DPA, no training on customer data, no retention beyond request |
| Deepgram | Transcription | Enterprise DPA, request-scoped, not retained |
| ElevenLabs | Voice cloning, narration synthesis | Enterprise DPA, voice samples retained only for the customer’s own use |
| Recall.ai | Calendar bot meeting recordings | Recordings transient, fetched immediately into TrailerCast then deleted from Recall |
Data deletion
| Action | What happens |
|---|---|
| Delete a demo | Source recording, transcript, AI outputs, embeddings, all purged within 24 hours |
| Delete an account | Everything purged within 30 days (regulatory wait period in some jurisdictions) |
| Cancel subscription | Account stays read-only for 30 days, then auto-deleted |
Private recordings
Global Admin can mark any recording as private. Private recordings are invisible to:- Other teammates (Members and Admins, including Admins with normally elevated permissions)
- The Library
- Universal search results
- Any team-level reports
What we capture vs what we don’t
We capture:- The recording you uploaded or that the bot pulled in
- The transcript we generated
- AI-generated outputs (summary, moments, deal brief)
- Engagement on share pages (views, watch %, heat-map)
- Comments, conversations, and team activity
- Other tabs in your browser
- Your screen content outside of recordings you explicitly upload or schedule a bot for
- Your email content or calendar event bodies (for calendar integrations, we read titles and attendees only)
- Any data from other TrailerCast customers, strict tenant isolation
Compliance posture
| Status | Notes |
|---|---|
| SOC2 Type 1 | In progress (target: Q3 2026) |
| SOC2 Type 2 | Following Type 1 (target: Q1 2027) |
| GDPR | Compliant (DPA available on request, data subject access requests handled) |
| CASL | Compliant (suppression list, HMAC unsubscribe, List-Unsubscribe header) |
| HIPAA | Not currently. TrailerCast is not BAA-signed. Healthcare customers should not record PHI. |
Subprocessor list
We list every subprocessor on our privacy page. Major ones:- Anthropic (AI reasoning)
- Deepgram (transcription)
- ElevenLabs (voice synthesis)
- Recall.ai (calendar meeting bots)
- Cloudflare R2 (object storage for recordings + trailers)
- Railway (compute)
- Vercel (frontend hosting)
- Stripe (billing)
- Postmark (transactional email)
- Plausible (analytics, cookieless)
- Microsoft Clarity (analytics, cookie-gated)
Data exports
You can export:- Any individual demo’s transcript + AI outputs (settings menu on the demo)
- Bulk demo metadata via the Pro+ API (coming Q3 2026)
- Audit log via support email request
Security incident response
If we discover a security incident affecting your account, we’ll notify you within 72 hours of confirmation, with:- Description of the incident
- Affected data scope
- Mitigation steps taken
- Recommendation for your action (rotate API keys, audit user activity, etc.)