
Confidential Mandarin recording pre-transfer checklist: making NDAs concrete

A confidentiality promise alone does nothing — only enforceable actions do. This checklist translates "we take confidentiality seriously" into a set of concrete actions that can be written into NDAs and handling agreements, so a first-time buyer can fully scope confidentiality before sending the first recording.

12 min read. Last updated: 2026-05-18

Why an NDA alone is not enough

Signing an NDA is the start of a confidential engagement, but an NDA by itself does not change how the file is stored, who can open it, how long it is retained, or whether it can be uploaded to a generic cloud ASR. If these actions are not made explicit, the engagement falls back on each vendor's "default habits" — and habits vary widely. The purpose of this checklist is to translate confidentiality commitments into a set of concrete actions that can be written into a contract, turning the NDA from an endpoint into a starting point.

NDAs typically govern "after", not "during"

A standard NDA mainly governs "non-disclosure to third parties", but most confidentiality risk arises during processing: where files live, who can download them, whether deletion goes to a recycle bin, whether the file is uploaded to a cloud AI tool for recognition. Unless these process details are written into a handling agreement alongside the NDA, the NDA cannot help when an incident occurs.

Why the buyer should bring the checklist

Even when vendors have internal protocols, they do not always volunteer the execution details. A buyer-supplied checklist — named access, encrypted transfer, retention window, tool exclusion — both filters out vendors that are vague on these points and gives serious vendors a clean way to plug their existing process into your specifics. A fuller scoping pass is in the buyer's guide: confidentiality section.

Access scope: named individuals vs. "the team"

"Our team will keep it confidential" has no enforceable definition. A truly auditable version is: list the specific names that may open this file, and write into the NDA that this is the ceiling. It looks pedantic, but it is the floor for decision-grade recordings — if your file gets opened by anyone beyond the five named individuals, that is a breach.

How to request a named access list

Ask the vendor for a "named access" list for the project: name / employee ID, region, role (transcriber, reviewer, project manager, etc.). The list can be updated as the project evolves, but it should be written. If a vendor refuses to provide one or only commits to "no more than X people", consider another vendor.

Is the subcontracting chain disclosed?

Some vendors subcontract transcription to freelancers. This is not necessarily a problem on its own, but the subcontracting chain must be transparently disclosed, and every link must be covered by the NDA. Invisible subcontracting is the single most common source of confidentiality incidents.

Transfer method: encrypted channel vs. generic cloud share

How files are transferred determines the leakage window. Generic cloud share links (even "only this person can view") and email attachments do not count as controlled transfer — links can be forwarded, emails can be screenshotted, caches can persist. Controlled transfer should be an encrypted channel (end-to-end encryption) or a client-owned private cloud space.

Recommended transfer methods

From most to least controlled: (1) a client-owned controlled shared space with client-granted access; (2) end-to-end-encrypted file transfer (for example, encrypted links with expiry); (3) encrypted compressed archives transferred separately from their password via a different channel. Generic cloud drives, instant-messenger file transfers, and email attachments are not recommended for sensitive recordings.

Why avoid email attachments

Email passes through multiple server hops, each of which may leave a copy. Email attachments also spread easily through the habit of hitting "Reply All", reaching recipients beyond what was agreed. Even encrypted attachments are often defeated by sending the password through the same email — which is equivalent to no encryption.

Storage location and cross-border compliance

Where the file lives, how many copies exist, and who backs it up are the most often overlooked questions in a confidential project. "We use AWS" is not the same as "we have a controlled location for your recording". Buyers should confirm in writing: storage region, whether transfer crosses borders, whether backups exist, and how long backups are kept.

Cross-border considerations

When the client entity is outside the storage region or the team is distributed across regions, cross-border transfer and storage compliance (including China's PIPL, GDPR, and other applicable regulations) should be agreed in writing before the project begins. Recordings containing personal data or regulated content may require explicit cross-border export filings.

The hidden problem with backups

Vendor backup systems may copy files to multiple regions or multiple cloud providers without your knowledge. This is a high-frequency compliance blind spot. Specify in writing that at project end, all backups (including archival cold storage) are deleted alongside primaries, and that deletion confirmation is provided.

Retention window and deletion process

30 / 60 / 90 days is the common industry default, but the specific window should be chosen for your project's sensitivity and written into the agreement. Deletion is not "move to recycle bin" — it should be explicit non-recoverable deletion (including backups, caches, and logs), with written deletion confirmation after completion.

Why insist on written deletion confirmation

A verbal "it's deleted" and a written deletion confirmation carry very different legal weight when an incident occurs. Written deletion confirmation should include: deletion date, file paths or project IDs covered, confirmation that all backups and caches are included, and signatory. A single page costs almost nothing to produce and is highly valuable after the fact.
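One way to make that confirmation checkable rather than just filed, as an added example that is not part of this guide or any vendor's process: the buyer records a manifest (path, SHA-256, project ID) before sending, and later cross-checks the vendor's written deletion confirmation against it. The field names, copy labels and sample data are assumptions constructed for the example.

```python
import hashlib
from typing import Dict, List

# Every storage copy deletion must cover (primary, backup, archival cold
# storage). Labels are constructed for this example.
REQUIRED_COPIES = {"primary", "backup", "cold-archive"}
REQUIRED_FIELDS = ("project_id", "deletion_date", "signatory", "files")

def build_manifest(project_id: str, files: Dict[str, bytes]) -> dict:
    """Pre-transfer record: which files went out, under which project ID.
    `files` maps the path as sent to its content (constructed sample bytes)."""
    return {"project_id": project_id,
            "files": {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}}

def check_deletion_confirmation(manifest: dict, confirmation: dict) -> List[str]:
    """Return a list of problems; empty means the written confirmation covers
    every transferred file and every copy, with date and signatory."""
    issues = []
    for key in REQUIRED_FIELDS:
        if not confirmation.get(key):
            issues.append(f"missing field: {key}")
    if confirmation.get("project_id") != manifest["project_id"]:
        issues.append("project ID does not match manifest")
    confirmed = {f["path"]: f for f in confirmation.get("files", [])}
    for path, digest in manifest["files"].items():
        entry = confirmed.get(path)
        if entry is None:
            issues.append(f"{path}: not listed in confirmation")
            continue
        if entry.get("sha256") != digest:
            issues.append(f"{path}: hash differs from what was sent")
        missing = REQUIRED_COPIES - set(entry.get("copies", []))
        if missing:
            issues.append(f"{path}: copies not confirmed deleted: {sorted(missing)}")
    return issues

# Constructed sample: two recordings sent; the vendor confirms one fully and
# omits the cold-archive copy of the other.
SAMPLE_FILES = {"interview_01.wav": b"constructed-audio-1",
                "interview_02.wav": b"constructed-audio-2"}
MANIFEST = build_manifest("PRJ-0001", SAMPLE_FILES)
CONFIRMATION = {
    "project_id": "PRJ-0001", "deletion_date": "2026-05-20",
    "signatory": "vendor data-protection lead (constructed)",
    "files": [
        {"path": "interview_01.wav", "sha256": MANIFEST["files"]["interview_01.wav"],
         "copies": ["primary", "backup", "cold-archive"]},
        {"path": "interview_02.wav", "sha256": MANIFEST["files"]["interview_02.wav"],
         "copies": ["primary", "backup"]},
    ],
}

if __name__ == "__main__":
    for issue in check_deletion_confirmation(MANIFEST, CONFIRMATION):
        print("ISSUE:", issue)
```

Any non-empty result is a reason to push the confirmation back before signing off, since a copy the vendor has not listed is exactly the backup blind spot described above.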

Operational note on short retention windows

For extremely sensitive projects, the agreement can require deletion of the source recording within 24–48 hours of acceptance, leaving only the final deliverable in the client's own custody. This "use and delete" pattern has small operational impact on the vendor but materially shrinks the risk exposure window.

Tool exclusion: generic cloud ASR / AI correction

Generic cloud ASR services and large-model AI correction tools are channels through which "the file leaves the boundary between you and the vendor". For sensitive projects, tool exclusion should be a contract clause: "This project will not use any generic cloud ASR service for transcription, and will not use any large-model AI for correction, rewriting, or quality control." The same boundary is reflected in the confidential offline workflow scenario.

Why local offline AI is a different question

Locally deployed offline models (running on the vendor's own servers, file never leaves the perimeter) and cloud SaaS tools are different things. The former can be permitted as auxiliary quality control under explicit scope; the latter should be excluded explicitly. Drawing the line clearly prevents the grey-zone phrase "we use AI, but locally".

How to audit tool exclusion

Tool exclusion is enforceable through two things: (1) explicit prohibition in the contract with a clear breach clause; (2) a process that is structurally auditable (named access + encrypted transfer + no channel to third-party services). Commitments that are not structurally enforceable are not commitments.

Minimum necessary disclosure

The strongest line of confidentiality defense is not any technical control — it is "information that should not be seen is never sent in the first place". In the first scoping conversation, share only the minimum needed: approximate length, language scope, sensitivity reason (without specifics), and required confidentiality intensity. Detailed recordings and reference materials should be transferred after NDA, handling agreement, and tool-exclusion rules are confirmed in writing.

What to avoid disclosing at first contact

Avoid disclosing at first contact: specific interviewee names, organization names, trade secret content, unreleased decision details. These should be shared only after the project formally begins. If a vendor asks for detailed background at the scoping stage, treat it as a signal that their process is not professional.

Phased disclosure

A three-phase disclosure works well: (1) scoping — length, sensitivity reason, confidentiality intensity only; (2) post-NDA — project type, industry context, terminology direction; (3) post-agreement — the actual recording, reference materials, and term lists. Each phase corresponds to an explicit confidentiality tier.

Incident protocol: if a leak is suspected

Confidential project contracts should include an incident protocol for when a leak is suspected: notification deadline (recommend within 24 hours), notification form (written + email), obligation to cooperate with investigation, triggers for pausing further transfer, and breach compensation calculation. The point of these clauses is not just downside protection — it gives the vendor a reason to prevent leaks in the first place.

Why a 24-hour notification matters

When a leak involves personal data, China's PIPL requires notification of regulators and affected parties within a reasonable period; GDPR and similar regulations are stricter (72 hours). If the vendor cannot notify you within 24 hours, you cannot complete your own regulatory notification within the compliance window.

Confidentiality cadence in recurring engagements

In long-term engagements, confidentiality risk drifts from "discipline" to "familiarity". Named access, encrypted transfer, and deletion confirmation that are strict at engagement start can quietly become "as usual" by the sixth project. Build in at least a quarterly confidentiality review: refresh the access list, confirm completed deletions, and re-audit storage location.

Onboarding new personnel

Team membership changes. The contract should require: new personnel must sign the NDA and be reported to the client in writing before being added to the access list; departed personnel lose access on the day of departure.

Pre-transfer checklist

Distill the whole guide into a single checklist to walk through before signing. Each item should be confirmed in writing (email or contract clause), not verbally:

  • Does the NDA cover the processing process (not just "non-disclosure to third parties")?
  • Is a named-access list provided, and does it include the subcontracting chain?
  • Is the transfer method an encrypted channel or a client-owned controlled space?
  • Are storage region, cross-border status, and number / location of backups in writing?
  • Are retention window and deletion process explicit, with written deletion confirmation available?
  • Is generic cloud ASR / AI correction explicitly excluded in the contract?
  • Is local offline AI handled separately, with permitted scope defined?
  • Can minimum disclosure be maintained in the first scoping conversation?
  • Is the incident notification deadline and form explicit?
  • Is there a recurring confidentiality review in long-term engagements?
