SECURITY
Security you can build on
Enterprise-grade protection for your calls and your customers’ data — encrypted, isolated, and compliant by design.
✓ GDPR
✓ HIPAA
✓ ISO 9001:2015
✓ ISO 27001
✓ ISO 27017
🔒
Encryption everywhere
TLS 1.2+ in transit and AES-256 at rest. Integration credentials get extra AES-256-GCM field encryption, and API keys are stored only as SHA-256 hashes — never in plaintext.
🇺🇸
Data stored in the US
Your data is hosted in the United States on managed, SOC 2-certified cloud infrastructure with automatic backups, replication and disaster recovery — with no self-managed servers to patch.
🧱
Strict tenant isolation
Every account is fully partitioned. All reads and writes are scoped by user, and every request verifies ownership — so no customer can ever see another’s agents, calls, contacts or recordings.
🧾
Your data rights, built in
One-click data export and full account deletion — deletion cascades across every table and wipes call recordings from storage, while exports redact secrets. Retention auto-purges old calls and transcripts.
🛡️
Verified integrations & payments
Every inbound webhook is cryptographically verified (HMAC), with Twilio traffic IP-allowlisted. We never store card or bank details — payments run through PCI-DSS-compliant Stripe and Razorpay.
🎙️
Responsible, transparent AI
Every AI call announces itself as an AI in the caller’s language across 7 languages and discloses recording where applicable. This disclosure is mandatory and cannot be turned off.
Questions about security?
Talk to our team or book a live demo — we’re happy to walk through our controls with you.
Book a live demo →