Encryption
All data is encrypted using industry-standard protocols, whether in transit or at rest.
Data at Rest
AES-256 encryption for all stored data including call metadata, transcripts, and lead information.
Data in Transit
TLS 1.3 encryption for all API calls, webhooks, and dashboard access. SRTP for voice streams.
Credentials
Passwords hashed with bcrypt. API keys encrypted. No secrets stored in plain text.
Data Isolation
Every customer's data is completely isolated at the database level using Row-Level Security (RLS).
Multi-Tenant Security
Database-enforced tenant isolation. Customer A cannot access Customer B's data under any circumstance.
No Shared Tables
Separate encryption keys per tenant. Complete data separation at the infrastructure level.
Compliance
Our infrastructure is built to meet the requirements of regulated industries.
| Framework | Status | Details |
|---|---|---|
| SOC 2 | Aligned | Infrastructure providers (Vercel, Supabase) are SOC 2 Type II certified |
| HIPAA | Available | Business Associate Agreement available for healthcare clients (+$200/mo) |
| GDPR | Compliant | Data residency options, right to deletion, data portability |
| PCI DSS | N/A | Payments handled by Stripe (PCI Level 1 certified) |
Infrastructure
We use best-in-class infrastructure providers with proven security track records.
| Provider | Purpose | Certifications |
|---|---|---|
| Vercel | Application Hosting | SOC 2 Type II, ISO 27001 |
| Supabase | Database | SOC 2 Type II, HIPAA eligible |
| Retell AI | Voice AI | SOC 2 Type II in progress |
| Stripe | Payments | PCI DSS Level 1 |
Your Data, Your Control
You maintain full control over your data at all times.
Export Anytime
Download all your call data, transcripts, and leads in standard formats whenever you need.
Delete on Request
Request complete data deletion at any time. We'll remove everything within 72 hours.
No Recordings by Default
Call recordings are disabled unless you explicitly enable them. Your choice, always.
Availability
99.9% Uptime SLA
Guaranteed availability with automatic failover across multiple regions.
Daily Backups
Automatic encrypted backups with 30-day retention and point-in-time recovery.
24/7 Monitoring
Real-time monitoring with automated alerts and rapid incident response.