SECURITY

Security you can build on

Enterprise-grade protection for your calls and your customers’ data — encrypted, isolated, and compliant by design.

✓ GDPR
✓ HIPAA
✓ ISO 9001:2015
✓ ISO 27001
✓ ISO 27017

🔒

Encryption everywhere

TLS 1.2+ in transit and AES-256 at rest. Integration credentials get extra AES-256-GCM field encryption, and API keys are stored only as SHA-256 hashes — never in plaintext.

🇺🇸

Data stored in the US

Your data is hosted in the United States on managed, SOC 2-certified cloud infrastructure with automatic backups, replication and disaster recovery — with no self-managed servers to patch.

🧱

Strict tenant isolation

Every account is fully partitioned. All reads and writes are scoped by user, and every request verifies ownership — so no customer can ever see another’s agents, calls, contacts or recordings.

🧾

Your data rights, built in

One-click data export and full account deletion — deletion cascades across every table and wipes call recordings from storage, while exports redact secrets. Retention auto-purges old calls and transcripts.

🛡️

Verified integrations & payments

Every inbound webhook is cryptographically verified (HMAC), with Twilio traffic IP-allowlisted. We never store card or bank details — payments run through PCI-DSS-compliant Stripe and Razorpay.

🎙️

Responsible, transparent AI

Every AI call announces itself as an AI in the caller’s language across 7 languages and discloses recording where applicable. This disclosure is mandatory and cannot be turned off.

Questions about security?

Talk to our team or book a live demo — we’re happy to walk through our controls with you.

Book a live demo →