Encryption at Rest

privacy

The practice of storing data in encrypted form on disk, so that an attacker who gains physical access to the storage medium (or, more commonly, a cloud-storage misconfiguration) cannot read the data without the encryption keys. For a meeting copilot, encryption at rest typically covers raw audio files, transcripts in the database, and generated recaps. Industry-standard practice is AES-256 with keys managed by a dedicated Key Management Service (AWS KMS, Google Cloud KMS) and rotated on a regular schedule. Encryption at rest is distinct from encryption in transit (TLS for data moving over the network) and from application-level encryption (where the application encrypts each record with a user-specific key before the database ever sees it). SOC 2 and most enterprise security questionnaires consider encryption at rest a baseline requirement.

Related Terms

Encryption at Rest — Meeting Copilot Glossary | Pavleur