Trust & Safety

Security at MLALab

We take the security of your content and data seriously. Here's how we protect you.

Last Updated: March 10, 2026

1. Infrastructure Security

Hosting & Network

  • SOC 2-certified cloud infrastructure providers
  • Global CDN with enterprise-grade DDoS protection
  • Isolated compute environments for each service
  • Automated container deployments with zero-downtime rollouts

Encryption

  • All data in transit encrypted via TLS 1.3 (HTTPS)
  • Database encrypted at rest with AES-256
  • Secrets and credentials managed via encrypted environment variables
  • OAuth tokens stored securely with httpOnly session cookies

2. Access Control & Authentication

User Authentication

Secure OAuth 2.0 sign-in via Google. We never store or see your password. Session tokens are httpOnly, secure, and expire automatically.

Data Isolation

Row-level security ensures every user can only access their own projects, credits, and data. No cross-account access is possible at the database level.

Internal Access

Production database access is restricted to authorized engineering personnel only. All service-to-service communication is authenticated via API keys with role validation.

3. Payment Security

PCI DSS Level 1 Compliant

All payment processing is handled by a PCI DSS Level 1 certified provider — the highest level of payment security certification. We never store, process, or transmit your card details on our servers.

Webhook Signature Verification

All payment events are cryptographically verified before processing to prevent tampering or replay attacks.

No Card Storage

Your credit card never touches our servers. Payment details are entered directly on the payment provider's secure hosted checkout page.

4. Google API Services Compliance

Limited Use Disclosure

MLALab.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

No Sale of Data:

We do not sell your YouTube data to third parties, advertisers, or data brokers.

No Advertising:

We do not use your data for serving ads, retargeting, or personalized advertising.

No Human Readability:

No human will read your data unless we have your affirmative agreement for specific troubleshooting or as required by law.

Minimum Required Permissions

We only request access to specific Google/YouTube permissions that are absolutely necessary for core functionality.

Permission ScopeWhy We Need It
youtube.uploadTo read the duration, metadata, and captions of videos you want to dub. We do not upload content to your channel.
youtube.force-sslTo verify channel identity and read video metadata securely.
userinfo.emailTo create your account and send Drift Alerts for audio sync status.

5. Data Processing

Your content is processed through our secure AI pipeline for transcription, translation, and voice synthesis.

Ephemeral Processing

Raw video and audio files are processed in isolated, ephemeral environments. Files are automatically purged after processing completes.

No Model Training

Your content is never used to train AI models. All AI processing partners contractually guarantee your data is processed ephemerally and not retained.

Output Ownership

You own 100% of the translated output. Completed Global Packs are stored in encrypted cloud storage and available for download at any time.

6. Data Retention & Deletion

You retain full ownership of your data. We have implemented a strict Data Deletion Protocol compliant with Google's requirements and GDPR standards.

How to Delete Your Data

Step 1: Revoke MLALab.ai's access to your YouTube data at any time via the Google Security Settings page.

Step 2: Request a permanent wipe of all metadata and account history from our servers:

Automated Method

Go to Settings → Danger Zone → Delete Account in your MLALab dashboard. This instantly removes all your data from our systems.

Manual Request

Email security@mlalab.ai with the subject line "Data Deletion Request." We will permanently delete all your user data within 7 days (well within the Google-mandated 30-day window) and send you a confirmation of erasure.

7. Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability, please report it to us privately so we can address it before public disclosure.

How to Report

  • Email security@mlalab.ai with details
  • Include steps to reproduce the issue
  • Allow reasonable time for us to fix before disclosure

Our Commitment

  • Acknowledge reports within 48 hours
  • Critical issues addressed within 7 days
  • Safe harbor — no legal action against good-faith researchers

8. Incident Response

In the unlikely event of a security incident affecting your data:

Notification within 72 hours — We will notify affected users within 72 hours of confirmed breach, in compliance with GDPR Article 33.

Transparent communication — We will provide clear details about what happened, what data was affected, and what steps we're taking.

Remediation — Immediate containment, root cause analysis, and preventive measures to ensure it cannot happen again.

Contact Security Team

Questions or Concerns?

For security inquiries, vulnerability reports, data deletion requests, or DPA requests. Enterprise customers can request a Data Processing Agreement.

security@mlalab.ai