Security Overview
How Ardela protects your workspace data and recordings.
Ardela is built for professional services firms that handle sensitive client information. This page covers user-facing security concepts. For HIPAA-specific guidance, see HIPAA.
Workspace isolation
Every recording, transcript, and document belongs to a workspace. Data does not cross workspace boundaries. Users only access workspaces they belong to.
Roles and permissions
Access is controlled by workspace role and permission keys:
| Role | Typical access |
|---|---|
| Member | Create and manage own recordings; view group-shared recordings (read-only) |
| Transcriber | Work from the queue on assigned items |
| Admin | Full workspace access, settings, member management, recover stuck recordings |
Permissions can be customized per role under Settings → Permissions.
Recording access
- Authors own their recordings and control edits/deletes
- Group shared visibility allows read-only access within a group — not edit
- Admins can manage any recording including status recovery
See Groups & visibility.
Authentication
- Email/password with optional two-factor authentication (2FA)
- Enterprise workspaces can use SAML SSO
- Admins can require MFA for all members under Settings → Security
Session security
Sessions expire after inactivity and have absolute time limits. Sign out from shared computers when finished.
AI and data
- Clara proposals require explicit user approval before changes apply
- AI processing runs on your workspace-scoped data
- Generated content stays within your workspace
Activity logging
Workspace admins can review activity logs for administrative actions such as recording management and settings changes.
Data export and deletion
Account holders can export their data. Account deletion follows a grace period before permanent removal. Contact your admin or support for firm-wide data requests.
Reporting issues
If you suspect unauthorized access or a security concern, contact your workspace admin immediately and visit Support.