Data Security & Privacy
At Sunflower AI, we understand that live services and events may sometimes include sensitive information.
Our platform is designed to provide real-time translation and captions while minimising data storage and protecting user privacy. This page explains how data flows through our system, the cloud infrastructure we use, and what privacy controls are available to customers.
Cloud Infrastructure (Microsoft Azure)
Sunflower AI’s backend services are hosted on Microsoft Azure Cloud in the Sydney (Australia) region, which helps support data residency within Australia.
Microsoft Azure provides enterprise-grade security, compliance certifications, and data protection standards used by governments, financial institutions, and global enterprises.
Azure infrastructure includes features such as:
- Secure cloud architecture
- Encryption of data in transit
- Access controls and monitoring
- Compliance with global security standards
More information about Microsoft Azure security and data privacy:
All communication between devices and our servers is protected using secure HTTPS/TLS encryption.
Need your data stored somewhere else in the world? Get in touch and we’ll see what we can arrange.
Speech-to-Text Processing (Deepgram)
Sunflower AI uses the Deepgram API to convert audio into text in real time.
Deepgram provides enterprise-grade security controls and compliance standards including: SOC 2, HIPAA, GDPR.
Audio streams are processed in real time to generate transcription used for translation and captions. Additional information about Deepgram’s data security practices: https:/
Text Translation (Google Gemini via OpenRouter)
Once speech is transcribed into text, it is sent for translation using Google Gemini models via the OpenRouter API gateway.
Sunflower AI uses Zero Data Retention (ZDR) mode, meaning: Prompts and responses are not stored. Data is not used for model training. Text is processed only for the translation request and then discarded.
More information about Zero Data Retention mode: https:/
User Authentication (Clerk)
Sunflower AI uses Clerk to manage user accounts, sign-in, multi-factor authentication, and session management. Sunflower AI does not store user passwords directly — Clerk handles password hashing and credential storage on our behalf.
Clerk provides enterprise-grade security controls and compliance standards including: SOC 2 Type II, GDPR alignment, CCPA alignment, and HIPAA-readiness (with BAA on paid plans).
Clerk’s security posture includes:
- Password hashing using industry-standard algorithms
- Multi-factor authentication options for end users
- Encryption of authentication data in transit and at rest
- Continuous monitoring and incident response
More information about Clerk’s data security practices: https:/
Session History Storage (Supabase – Sydney)
Session history is stored to allow hosts to review transcripts after a session. Session history is stored in Supabase, hosted in the AWS Sydney region (ap-southeast-2).
This helps ensure that stored data remains within Australian data centers. Supabase provides enterprise security features including: SOC 2 Type II compliance, Encryption in transit, Encryption at rest, Secure database infrastructure.
More information about Supabase privacy and security:
Data Storage and Privacy Controls
Sunflower AI is designed to support both real-time processing and optional transcript storage.
For organisations with higher privacy requirements, Sunflower AI can configure accounts to:
- Disable session transcript storage
- Disable audience transcript downloads
These options help organisations reduce the retention of sensitive spoken information. If you would like these privacy settings enabled for your account, please contact our team.
Full sub-processor list
The sections above describe the main data flows in the Sunflower AI product. The table below is the complete list of sub-processors that handle Sunflower AI or customer data — including services that support our marketing site, internal operations, and supplementary product features. Material changes to this list (additions, removals, or changes of processing region) are reflected here.
| Sub-processor | Purpose | Processing location |
|---|---|---|
| Microsoft Azure | Backend hosting | Sydney, Australia |
| Supabase | Database & file storage | Sydney, Australia (AWS) |
| Clerk | Authentication & MFA | United States |
| Deepgram | Speech-to-text | United States |
| Soniox | Speech-to-text (alternative provider) | United States |
| OpenRouter | Translation gateway (Google Gemini, ZDR) | United States |
| DeepL | Document translation | European Union (Germany) |
| Vercel | Marketing site & web tier hosting | Sydney functions; global CDN edge |
| Resend | Transactional email | United States |
| PostHog | Product analytics (no session recording) | United States |
| GitHub | Source code hosting (no customer data) | United States |
| Stripe | Payment processing | Global |
Contact Us
If you have any questions about data security or privacy, please contact us.
| info@sunflowerai.io | |
| Sunflower AI Pty Ltd PO Box 229 Concord NSW 2137 Australia |