Microsoft says Skype calls are now transcribed in “secure facilities in a small number of countries,” following a new report in The Guardian about the company’s use of contractors in China to listen to some calls to make sure the company’s transcription software is working properly. The company confirmed to The Verge that China is not currently one of the countries where transcription takes place.

A former contractor who lived in Beijing told The Guardian that he transcribed Skype calls with little cybersecurity protection from potential state interference. The unidentified former contractor told The Guardian that he reviewed thousands of audio recordings from Skype and Cortana on his personal laptop from his home in Beijing over a two-year period.

Workers who were part of the review process accessed the recordings via a web app in a Chrome browser over the internet in China. There was little vetting of employees and no security measures in place to protect the audio recordings from state or criminal interference, according to The Guardian.

The contractor told The Guardian he heard “all kinds of unusual conversations” while performing the transcription. “It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.”

“It sounds a bit crazy now [...] that they gave me the URL, a username and password sent over email.”

A Microsoft spokesperson told The Verge in an email that “If there is questionable behavior or possible violation by one of our suppliers, we investigate and take action.” The audio “snippets” that contractors get to review are ten seconds long or shorter, according to the spokesperson, “and no one reviewing these snippets would have access to longer conversations.”

“We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR,” the spokesperson added.

The existence of the Skype transcription program was first detailed in a report from Motherboard in August. Although Skype’s terms of service indicated at the time that the company analyzed call audio, this was the first report showing how much of the analysis was done by humans. And unlike competitors who publicly declared that they would end the practice of having humans transcribing audio from virtual assistants, Microsoft continued the practice, apparently updating its privacy policy to admit it was doing so.

Microsoft says it reviewed its processes and communications with customers over the summer. “As a result, we’ve updated our privacy statement to be even more clear about this work, and since then we’ve significantly enhanced the process including by moving these reviews to secure facilities in a small number of countries,” the company said in its statement to The Verge. “We will continue to take steps to give customers greater transparency and control over how we manage their data.”

Microsoft did not elaborate on what these “steps” entailed.

Microsoft is not the only company to face blowback for how it’s handled audio recordings of customers. The practices of data annotation, where humans help AI learn by interpreting audio and other information, have come under intense scrutiny as people weigh the convenience of having on-demand answers from virtual assistants with the discomfort of relinquishing chunks of their private lives often to people they didn’t know were listening.

An April report from Bloomberg highlighted how Amazon used full-time employees and contractors to “listen” to customers’ conversations with Alexa. The report found the company wasn’t clear about how long such recordings are stored, or whether employees or even third parties have accessed or would be able to access the information for nefarious purposes. And both Apple and Google reportedly suspended their programs that used humans to review audio recordings of their Siri and Assistant virtual assistant programs.

Here’s how to prevent audio assistants from retaining audio recordings.