Security & Infrastructure
1. Infrastructure
Pocket Archive runs on Cloudflare Workers, a serverless edge platform operating in 300+ cities worldwide. There are no centralized servers to breach — your data is processed at the edge and never stored on disk.
2. Data in Transit
All connections use TLS 1.3 encryption. Your recordings travel from HeyPocket's API through our Worker to your cloud storage over HTTPS. We never downgrade or skip encryption.
3. Data at Rest
We don't store your recordings. Audio and transcript data is processed in-memory and immediately uploaded to your chosen cloud provider. After successful upload, it's discarded. The only data we retain is your OAuth refresh token and configuration preferences, stored in Cloudflare's encrypted KV storage.
4. Authentication
We use Google OAuth 2.0 (and will support Microsoft, Apple, etc., in the future) for identity verification. We never see or store your passwords. Your session is protected by HMAC-SHA256 signed cookies with automatic expiration.
5. Third-Party Partners
| Partner | Role | Data Shared |
|---|---|---|
| HeyPocket API | Source of audio & transcripts | Audio files, transcripts, API key |
| Google Drive / OAuth | Authentication & Destination | Email, Refresh Token, Files uploaded |
| Cloudflare | Edge Compute & KV Storage | Tokens, User Preferences (Encrypted) |
| Resend | Transactional Email | Email Address (Waitlist/Alerts only) |