Security
How AudioDN protects your audio, your credentials, and your listeners.
Controls
Signed, time-gated URLs
All audio is delivered via short-lived signed URLs. TTL is configurable per play session (seconds to hours). URLs are scoped to a specific track or collection.
Client-side keys are scoped
Keys used in browsers and mobile apps are scoped to a single collection or single track and tagged as Player or Uploader. They cannot read other resources or call admin endpoints.
Server-side keys never reach the browser
Full-access API keys are server-only. Mint client-side or session-bound credentials at request time. Keys can be rotated without invalidating in-flight sessions.
TLS in transit
Every request to api.audiodelivery.net and components.audiodelivery.net is TLS 1.2+. HTTP requests are upgraded automatically.
Encryption at rest
Origin storage is encrypted at rest (AES-256). Variants and cache layers inherit the same posture.
IP and referrer policies (Business / Platform)
Restrict play and upload sessions to allowed referrers, IP ranges, or origin domains.
Data handling
| Audio originals | Stored encrypted at rest. Retained while your plan is active. Deleted on request. |
| Variants and previews | Derived from your originals according to your variant config. Cached at the edge with TTLs. |
| Session and key metadata | Stored to enforce access policies. Includes session IDs, scopes, TTLs, and an optional end-user identifier you provide. |
| Logs and analytics | Aggregated playback and request logs are retained for analytics. Personally identifiable information is not stored without your explicit configuration. |
| AI / ML training | We do not train models on your audio. |
Compliance posture
SOC 2
In progress. Controls are implemented and being formalized for audit.
GDPR
DPA available on request. We act as a processor for content you upload.
Sub-processors
Cloudflare (R2, Workers, edge cache). Payment processing by Stripe. Available on request.
Responsible disclosure
Found a security issue? Email [email protected]. We acknowledge reports within two business days and aim to remediate critical issues within seven.