Trust
Security
Infrastructure
BantuNomics runs on Google Cloud. Structured data (inventories, metadata, consent records) lives in MongoDB Atlas (dedicated cluster, continuous point-in-time backups enabled); audio lives in Google Cloud Storage. Access is governed by least-privilege IAM service accounts — no human-shared keys in the serving path.
Consent-gated audio delivery (no identifier leakage)
Audio is never served from a public bucket or a guessable URL. Every clip is
delivered through a proxy that takes a cryptographically signed, opaque
token — tamper with the signature or pass a raw storage path and the
request returns 404. The following are never present
in any API or audio response:
Speakers appear only as anonymized public IDs (e.g. BEM-A04) with
coarse demographics. A build-time regression test fails the release if any
forbidden identifier appears in a response body — the highest-risk surface is the
most-tested one.
Data separation
Personally identifying contributor information (name, email, phone, exact residence) is stored separately from the anonymized linguistic data shared with commercial partners. Deliverables to licensees are de-identified; identifying fields are not part of the licensed product.
Encryption & access control
- TLS in transit; provider-managed encryption at rest (Atlas + GCS).
- Role-scoped application access; entitlement-gated API (eval vs. Founding Partner).
- Every authenticated API call is logged for audit and abuse detection.
- Continuous Cloud Backup / point-in-time recovery on the database.
SOC 2 roadmap
BantuNomics operates a SOC 2 program scoped to Security and Confidentiality, adding Privacy for Type II. The controls below are already in production; the attestation formalizes and independently verifies them. Reports are shared with partners under NDA.