SECURITY

Built for trust.
Designed with care.

We design with data privacy, AI safety, and security at the very top of our priorities. Your trust is the foundation of everything we build.

SOC 2 Type II

Audited annually by independent auditors.

GDPR & CCPA

Compliant with US and EU data protection laws.

SSO & MFA

Enterprise authentication, MFA for access.

AES & TLS 1.2+

Industry-standard encryption at rest and in transit.

infrastructure

Enterprise-grade security
from the ground up.

Secure Cloud Infrastructure

Data processed and stored in our SOC 2 compliant Azure and GCP environments. Physical access controlled via secure areas, key cards, and biometric authentication at data centers.

AES Encryption & TLS 1.2+

AES encryption at rest, TLS 1.2+ in transit. Data cannot be read, copied, or altered without authorization.

Strict Access Controls

Two-factor authentication for system administration. Role-based access with regular reviews. Access terminated upon employee departure.

Data Separation

Multi-tenant architecture with logical separation controls. Customer data is isolated and processed separately.

Daily Backups, 6-Month Logs

Databases backed up at least daily. Audit logs maintained for 6 months. Separate development, testing, and production environments.

No Model Training. Ever.

We never train models on user data. We never share it. We never sell it. Our partners are contractually bound to the same standards.

verification

Independently tested
and audited.

Annual SOC 2 Type II Audit

Independent auditor reviews design and operating effectiveness of our security controls annually. Reports available to enterprise customers under NDA.

Annual Penetration Testing

Third-party security specialists conduct penetration tests annually. Results reviewed and remediated as part of our systematic testing program.

Annual Security Training

All staff complete mandatory security training annually to maintain awareness of current threats and best practices.

MFA for Production Access

Multi-factor authentication required for all staff accessing production environments. Role-based access with regular reviews.

Incident Notification

If a security incident is confirmed, we notify affected customers per contractual commitments and provide ongoing updates throughout investigation and remediation.

Data Privacy

Responsible AI
by design.

At Napster, our AI Companions are built with a commitment to responsible innovation. “Safe by Design” is embedded into every interaction, ensuring ethical standards, user safety, and privacy remain at the core.

AI Disclosure

Contextual AI disclosure built into all Companion prompts. Every digital twin marked with "Verified Companion" badge. Professional boundaries clearly stated in scope of practice.

Crisis Safety Protocol

Multi-tier external safety system designed to detect and respond to crisis situations. References 988 Suicide & Crisis Lifeline and Crisis Text Line.

Adult Users Only

All digital twins restricted to users 18+. Age verification required at signup. No minor accounts permitted on the platform.

Data Privacy

Your conversations
are yours.

No eavesdropping

Companions only listen when you start a conversation. Outside of sessions, they're not active in the background.

No advertiser access

We do not share your personal information with advertisers. Your data is encrypted, secure, and used only for your experience.

Full data control

Delete your account to remove your data and digital twin. Any identifying content will no longer be accessible.

How It Works

Your data journey,
secured at every step.

Step 1

Your device

Audio flows encrypted from your Mac, web browser, iOS and Android app, or Napster View.

Step 2

Napster backend

Processed and stored in our SOC 2 compliant Azure and GCP environments.

Step 3

AI processing

Sent to AI providers (Google, Microsoft) under contractual protections.

Step 4

Response

Audio response encrypted and delivered back to your device.

Data encrypted in transit (TLS 1.2+) and at rest (AES). Your data is never used to train AI models.

Regulatory Compliance

California SB 243 ready.

California's first-in-nation law regulating AI companion chatbots took effect January 1, 2026. Napster is designed for compliance from day one.

AI Disclosure

Contextual AI disclosure built into all Companion prompts. Users cannot be misled into thinking they're talking to a human.

Verified Companion Badge

Every digital twin marked with "Verified Companion" badge. Professional boundaries stated in scope of practice.

Crisis Referrals

Built-in crisis protocol references 988 Suicide & Crisis Lifeline, Crisis Text Line, and findahelpline.com for at-risk users.

FAQ

Common
questions.

What happens when I talk to a Companion?

When you speak to a Companion, the audio flows from your device to our cloud, which is hosted in a secure Azure environment. We process it and send it to AI providers (such as Google or Microsoft) for further processing. We then process their response, store it in our encrypted storage, and deliver the final result to the end user. All data is encrypted in transit and at rest.

Are you SOC 2 compliant?

Yes. We are SOC 2 Type II compliant as a company, audited annually in April/May. SOC 2 compliance governs our processes—how we handle data, access controls, confidentiality, incident response, disaster recovery, and change management. These company-wide standards apply to all our products and operations.

Will my data be used to train AI models?

Never. Training models on user data—by ourselves or third parties—is something we never do. We also never share your data or sell it. Our partners are contractually required to follow the same standards.

Who has access to my data?

Access to customer data is restricted to authorized personnel who need it for maintenance, debugging, and operations. We follow the principle of least privilege, and all access is logged and audited as part of our SOC 2 compliance. Audit logs are maintained for 6 months.

How is data separated between organizations?

Our system is multi-tenant with logical separation controls. Customer data is isolated using access controls and separation mechanisms to ensure data from one organization cannot be accessed by another.

What happens if there's a security breach?

When signs of a security breach appear, we investigate immediately. If confirmed, we identify the scope and impact, then notify affected customers per contractual commitments. We provide ongoing updates throughout investigation and remediation, and conduct post-incident reviews to prevent recurrence.

Do you offer data residency options?

Regional data residency is available for enterprise customers. Data may be sent to different regions for AI processing, but once we receive a response, that data is deleted from processing regions. Your data at rest—including files, transcripts, and call history—can be stored in your specified region. This is a premium capability; contact our enterprise team to discuss requirements and pricing.

What safeguards prevent Companions from providing harmful information?

Companions are built with multiple safety layers: AI disclaimers clearly identifying them as AI-based representations, safety reviews to limit harmful behavior, continuous refinement of prompts and safety rules, and tiered crisis intervention protocols for sensitive situations. We actively monitor and update our safety systems.

Can someone create a digital twin of a child or another person?

No. All digital twins are restricted to users 18 and older. Digital twins can only be created by the individual themselves through a live consent video and verification process. Uploaded photos are screened against a database of known public figures, and unauthorized attempts to create twins of others are blocked.

Can we review your security documentation?

Yes. For enterprise customers, we provide annual SOC 2 Type II audit reports, penetration test reports from independent auditors, and complete responses to security questionnaires. Contact our team to request documentation for your security review.

Who is responsible if someone relies on Companion advice and something goes wrong?

All Companions are clearly identified as AI-based, not licensed professionals or guaranteed sources of truth. Users consent to this understanding at sign-up. Companions provide contextual AI disclosure when advice could be mistaken for professional services (medical, legal, financial). We encourage responsible use and provide disclaimers to reduce the risk of misuse.

COVERAGE

Comprehensive
product security

Napster for Web

Browser Companion experience.

Napster for Mac

Native desktop application.

Napster for iOS

Mobile application.

Napster View

Holographic display hardware.

Napster Spaces

B2B platform with Shopify integration.

Napster Learn

Higher Ed, Enterprise, and Scrum.

Companion API

Developer API for Companions.

Contact

Have more
questions?

Our team is here to help you understand our security practices.