USpeaks Enterprise Trust Packet
Prepared for: Enterprise Data Purchasers
Version: 1.0
Document Type: Pre-Sales Security Package
1. Company Overview
UspeakS, Inc. operates the Applesauce platform for licensed voice data and ML training datasets.
| Attribute | Value |
|---|---|
| Platform | Applesauce |
| Products | SKU 1: Dataset Licensing, SKU 2: ML Training |
| Data Type | Voice recordings, embeddings, features |
| Primary Use | AI/ML training, TTS, voice synthesis |
2. Security Overview
2.1 Access Control
- Authentication: Supabase Auth (OAuth, email/password)
- Authorization: Row Level Security (RLS) on all tables
- API Security: Token-based authentication, rate limiting
2.2 Encryption
- At Rest: AES-256 (Supabase managed)
- In Transit: TLS 1.3 enforced
- Key Management: Supabase managed keys
2.3 Infrastructure
- Hosting: Kubernetes on managed cloud
- CDN/Edge: Cloudflare
- Database: PostgreSQL (Supabase)
- Storage: Supabase Storage (S3-compatible)
2.4 Incident Response
- Kill Switch: Revokes future access (API keys, URLs). Post-delivery enforcement is contractual.
- Deletion Window: 24 hours upon breach notification
- Contact: security@uspeaks.space
3. Privacy & Biometric Compliance
3.1 Consent Framework
| Consent Type | Document | Separate Agreement |
|---|---|---|
| Biometric | creator_agreement.md §6 | Yes |
| ML Training | Data_Contributor_Agreement.md | Yes |
| Synthetic Use | ai_consent_screen.md | Yes (Domain D) |
3.2 Biometric Data Handling
Per Illinois BIPA (740 ILCS 14):
- Written consent before collection ✅
- Purpose disclosure ✅
- Public retention schedule ✅
- Destruction procedures ✅
3.3 Retention Schedule
| Data Type | Retention |
|---|---|
| Raw Audio (Platform Only) | Until purpose + 30 days |
| Embeddings | Same as source |
| Model Weights | License term + 90 days |
| Consent Records | 7 years |
Note: Raw audio may be processed internally for verification/QC but is strictly excluded from SKU2 export bundles (Derived-Only).
Full policy: /compliance/policies/retention-policy.md
4. Licensing Controls
4.1 Four-Domain Model
| Domain | Use Case | Restrictions |
|---|---|---|
| A | Promotion | No identity claims |
| B | Entertainment | No defamation |
| C | Information | No safety-critical |
| D | Synthetic | RAIL-D required, deletion cert |
4.2 Buyer Restrictions (buyer_agreement.md §5)
Buyers may NOT:
- Use outside selected Domain
- Re-identify individuals
- Sublicense without permission
- Create unauthorized voice clones
4.3 Enforcement
- Audit rights for enterprise tier
- Kill switch for violations
- Breach = immediate termination
5. Data Lineage & Provenance
5.1 Asset Tracking
Every voice asset has:
- Creator consent record
- Processing history
- License transaction log
- Delivery confirmation
5.2 SKU 2 (ML Training) Specifics
- 70/30 revenue split (Creators / Platform)
- Pro-rata attribution by volume
- Personal Data Receipts (PDRs) for creators
- Cohort-level tracking
6. Compliance Status
| Framework | Status | Evidence |
|---|---|---|
| Illinois BIPA | ✅ Compliant | Consent ledger, retention policy |
| TN ELVIS Act | ✅ Compliant | Domain D controls, consent |
| Texas Biometric (2026) | ✅ Prepared | Retention + consent updates |
| SOC 2 Type I | 🔶 Ready | TSC mapping (91.7% coverage) |
| GDPR | 🔶 Partial | Processing map, consent |
| CCPA | 🔶 Partial | Opt-out mechanisms |
7. Subprocessors
| Provider | Purpose | DPA |
|---|---|---|
| Supabase | Database, Auth, Storage | ✅ |
| Cloudflare | CDN, DNS, DDoS | ✅ |
8. Available Upon Request
- Consent audit report (JSON/CSV)
- Sample deletion certificate
- Full legal document set
- Data processing map
- TSC control mapping
Contact: enterprise@uspeaks.space
9. Certifications & Roadmap
| Item | Status | Timeline |
|---|---|---|
| SOC 2 Type I | Planned | Q3 2026 |
| Cyber Insurance | Pending | Q2 2026 |
| GDPR DPA Template | Available | Now |