Security and Privacy

Customer privacy and security are important to us. To request more information or download the Security and Privacy overview, see the Security page.

TLS encryption

Rev AI offers connection level security through HTTPS TLS encryption. Rev AI supports TLS 1.2.

Deletion control

Customer may configure its Application to send Rev an audio only file or video. When media files are sent through Rev’s API, they are transcoded into an audio file. By default, the audio file gets segmented into smaller segments that are processed by our ASR engine. The ASR engine produces outputs (e.g. embeddings, clusters, etc), which are temporarily stored in Rev’s system. The final process combines these outputs into one result for the entire file, which is returned by the API. All associated files produced by our process reside on Rev’s system for the duration of the process and then discarded once the job is deleted according to the policy described below.

Jobs will remain for up to a maximum of 30 days. After 30 days, all associated data is deleted and is irretrievable. It is also possible to configure jobs to be deleted earlier than this 30 day maximum, using any of the following methods:

  • At the account level, configure your auto-delete period while logged into your account page .
  • At the job level, submit a job with the delete_after_seconds option will override any other auto-deletion settings.
  • Manually delete jobs using the /delete API endpoint .

Be sure to save job results to your own storage if you need to access your job results beyond the configured auto-delete period.


When a job is deleted, all associated files are deleted with it. This includes the media file and all files created in the transcription process. Rev AI only retains a record of the job for accounting purposes. Subsequent GET calls to the /jobs/{id} endpoint will return 404's.

Access token

Your access token authorizes requests on behalf of your account and should be kept secret. Learn how to obtain an access token.

  • Your token should only be revealed to services that need it.
  • Do not send tokens over non-HTTPS connections.
  • If you think your token has been compromised generate a new one from your account access token page and delete the old one.