Security Architecture
Last updated: March 2026
This page explains the technical pipeline that Capsiynau uses to process your files — from upload through to transcript delivery.
File Upload
When you upload a media file to Capsiynau:
- Your browser requests a presigned upload URL from the Capsiynau API
- The API authenticates your session and generates a time-limited signed URL
- Your file is uploaded directly to Cloudflare R2 — it never passes through Capsiynau's API servers
- This bypasses server-side file size limits and ensures fast, reliable uploads of large files
Benefits: Files are encrypted in transit using TLS. Upload URLs expire after 15 minutes. Files are isolated within your account's storage namespace.
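The presigned-URL step above can be sketched as follows. This is an added example, not Capsiynau's own code: it assumes R2's S3-compatible SigV4 query signing with region "auto", and the `accounts/<account>/<upload>/<file>` key layout, the function names, the host and the credentials are hypothetical placeholders.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone
from urllib.parse import quote

UPLOAD_TTL_SECONDS = 15 * 60  # the page states upload URLs expire after 15 minutes
SAFE_PART = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")  # no "/" and no leading "."

def object_key(account_id: str, upload_id: str, filename: str) -> str:
    """Build the key on the server so a session can only write under its own prefix."""
    for part in (account_id, upload_id, filename):
        if not SAFE_PART.fullmatch(part) or ".." in part:
            raise ValueError(f"unsafe key component: {part!r}")
    return f"accounts/{account_id}/{upload_id}/{filename}"  # assumed key layout

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_put(host, bucket, key, access_key, secret_key, now, region="auto"):
    """Return a SigV4 query-signed PUT URL for one object, valid for 15 minutes."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(UPLOAD_TTL_SECONDS),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    path = "/" + quote(f"{bucket}/{key}", safe="/")
    # Method and exact object path are signed: the URL cannot GET or write elsewhere.
    canonical = "\n".join(["PUT", path, query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    signing_key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):  # date, region, service, "aws4_request"
        signing_key = _hmac(signing_key, part)
    signature = hmac.new(signing_key, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={signature}"

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials or a real R2 account.
    key = object_key("acct-123", "up-0001", "interview.mp4")
    print(presign_put("account-id-placeholder.r2.cloudflarestorage.com", "media", key,
                      "EXAMPLEKEY", "EXAMPLESECRET", datetime.now(timezone.utc)))
```

The account identifier passed to `object_key` should come from the authenticated session, not from the request body, so that a client cannot name another account's prefix.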
Transcription Pipeline
After upload, files are processed through a controlled background pipeline:
Upload Complete
↓
Job queued in Upstash Redis
↓
Railway worker picks up job
↓
File validated and downloaded
↓
Audio sent to transcription engine
↓
Transcript returned and processed
↓
Segments stored in Supabase
↓
Project marked as ready
The worker runs on a dedicated Railway container — separate from the API — ensuring that long-running transcription jobs do not affect other users.
Transcription Engines
Capsiynau integrates with multiple enterprise AI providers:
| Engine | Provider | Notes |
|---|---|---|
| OpenAI Whisper | OpenAI | Welsh-prompted, word-level timestamps |
| GPT-4o Transcribe | OpenAI | Highest accuracy for complex content |
| GPT-4o Mini Transcribe | OpenAI | Fast, balanced accuracy |
| Universal-2 | AssemblyAI | Strong Welsh with word boost |
| Chirp 2 | Google Cloud | Native Welsh (cy-GB) support |
Each provider receives only the audio data required to complete the transcription request.
Transcript Storage
Generated transcripts are stored within your project workspace in Supabase:
- Caption text and timing data
- Speaker labels
- User edits and version history
- Confidence scores
Transcripts remain accessible until you delete them or remove the project.
Data Deletion
Automatic deletion: Temporary processing files may be deleted automatically after transcription. Files marked for deletion are removed from R2 storage within 48 hours of processing.
User-initiated deletion: Delete a project → removes transcript, segments and associated files from R2. Delete account → removes all projects, transcripts and personal data.
GDPR right to erasure: Deletion requests are processed within 30 days. Associated data held by sub-processors is removed where possible.