Your data security
is our priority
At Char, we believe your meeting conversations are among your most sensitive data. That's why we've built security into every layer of our architecture, not as an afterthought, but as a foundational principle.
Security principles we live by
These are product decisions and documented tradeoffs, not vague promises.
Local-first workflows
Core notes, recordings, and local-model workflows stay on your device. Cloud transcription, sync, and managed AI are opt-in.
OS-level protection
Char stores core data as local files on disk. Protection comes from your operating system, file permissions, and full-disk encryption such as FileVault or LUKS.
Clear data flow
You choose local models, BYOK providers, or managed services. The docs spell out what is sent for each path.
Open source transparency
Every line of code is publicly auditable. Security researchers and privacy advocates can verify our claims by inspecting the source.
Local-first means secure by default
Unlike cloud-only tools, Char can keep notes, recordings, and local-model workflows on your machine. If you enable cloud features, that data flow is explicit.
Audio stays local by default
Recorded audio files stay on your device unless you explicitly choose a cloud transcription or sync feature.
Local AI is available
You can transcribe and run AI locally with supported models, or switch to a cloud provider when you want managed services.
File-based storage
Core data is stored as local Markdown and JSON files on disk, not locked in a hosted database.
Works offline with local models
If you use local STT and local LLMs, Char works without an internet connection. Cloud transcription, sync, and managed AI still require network access.
Protection and transport
Today Char relies on operating-system protections for local files and encrypted transport for network requests.
Local data protection
Char does not currently add its own encryption layer to local files. Protection comes from your OS account permissions and any full-disk encryption you enable, such as FileVault or LUKS.
Encryption in transit
When you use cloud features, requests are sent over encrypted connections to the configured Char service or provider.
Encryption roadmap
We are investigating an additional encryption layer for sync and other cloud workflows, but we do not present that as shipped today.
Security through transparency
Open source isn't just about collaboration. It's about trust. When you can see exactly how your data is handled, you don't have to take our word for it.
Fully auditable
Every function, every data flow, every security measure is visible in our public repository. Security researchers can audit our code and report vulnerabilities through our responsible disclosure program.
Community reviewed
Thousands of developers have reviewed our codebase. Bugs and security issues are caught faster when many eyes are watching. This collective vigilance makes Char more secure than any closed-source alternative.
Enterprise-ready security
For organizations with advanced security requirements, Char offers enterprise features that meet the most demanding standards.
Self-hosted deployment
Deploy Char on your own infrastructure for complete control over your data and security policies.
SSO integration
Integrate with your existing identity provider for seamless and secure authentication.
Compliance ready
Built to support GDPR, HIPAA, and SOC 2 compliance requirements with comprehensive audit logging.
Access controls
Granular role-based access controls let you define exactly who can access what data.
Ready to take control of your meeting data?
Join thousands of professionals who trust Char to keep their conversations secure and private.