Enterprise translation platforms handle sensitive content — safety procedures, compliance requirements, proprietary operational data. The security architecture of the platform is not a feature to be added later. It must be foundational.
Principle 1: Zero Audio Transmission
The most sensitive data in a translation session is the audio itself — the trainer's voice, the content of their speech. VOXS eliminates this risk entirely by running speech recognition locally in the browser. The Web Speech API processes audio on the trainer's device. Only the resulting text — never audio — is transmitted over the network. There is no audio to intercept, store, or leak, because audio never leaves the device.
Principle 2: Ephemeral Sessions
Session data exists for the duration of the session. Translated content is delivered in real-time via encrypted pub/sub channels and is not persistently stored on the platform. When a session ends, the real-time delivery channels are closed. There is no archive of translated content sitting on a server waiting to be breached.
Principle 3: No Personal Data Collection
Students join sessions with a first name and a language selection. No email address, no phone number, no device fingerprint, no tracking cookies. The platform collects the absolute minimum data required to deliver the service. GDPR's data minimisation principle is not just met — it is exceeded.
Principle 4: Scoped Authentication
Every real-time connection uses a scoped authentication token that grants access only to the specific session channel the student has joined. Tokens have a defined TTL (time to live) and cannot be reused across sessions. There is no way for a participant in one session to access content from another session.
Principle 5: End-to-End Encryption
All data in transit is encrypted with TLS 1.3 — the strongest transport layer security available. There are no unencrypted paths in the system. API calls, real-time pub/sub messages, and web interface connections all use TLS 1.3 without exception or fallback.
Principle 6: Data Isolation
In a multi-tenant environment, each organisation's data is logically isolated. Users in one organisation cannot access sessions, transcripts, or analytics belonging to another organisation. Role-based access control ensures that trainers see their own sessions, organisation admins see their organisation's data, and platform admins see the full picture.
The Result
These architectural decisions make VOXS suitable for deployment in environments with strict data governance requirements: government training programmes, defence contractors, regulated industries, and organisations operating under GDPR, Saudi data protection regulations, and similar frameworks. Security is not a feature we added. It is how the platform was built.