Security

How we protect your data

At Zduhac, security is foundational to everything we build. We handle sensitive emergency call data and take our responsibility to protect it seriously. This page outlines our security practices and commitments.

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256)

SOC 2 Compliant Infrastructure

Hosted on providers with SOC 2 Type II certification

24/7 Monitoring

Continuous security monitoring and threat detection

Access Controls

Role-based access control and principle of least privilege

Data Encryption

We employ industry-standard encryption to protect your data at every stage:

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest version of the Transport Layer Security protocol.
  • At Rest: All stored data, including call recordings, transcripts, and customer information, is encrypted using AES-256 encryption.
  • Key Management: Encryption keys are managed using secure key management services with automatic rotation.

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud providers with robust security certifications:

  • Supabase: Our database provider is SOC 2 Type II certified, with data centers in secure facilities with physical access controls, 24/7 surveillance, and environmental protections.
  • Vercel: Our application hosting is SOC 2 Type II certified with a global edge network and DDoS protection.
  • Vapi & Twilio: Our telephony partners maintain SOC 2 compliance and PCI DSS certification for payment card handling.
  • Stripe: Payment processing is PCI DSS Level 1 certified, the highest level of certification available.

Access Control

We implement strict access controls to ensure only authorized personnel can access sensitive data:

  • Role-Based Access: Employees have access only to the systems and data necessary for their job functions.
  • Multi-Factor Authentication: All internal systems require MFA for access. We strongly recommend customers enable MFA on their accounts.
  • Access Logging: All access to customer data is logged and auditable.
  • Regular Access Reviews: We conduct quarterly reviews of access permissions to ensure appropriateness.

Monitoring & Detection

We maintain comprehensive monitoring to detect and respond to security threats:

  • Real-Time Monitoring: 24/7 automated monitoring of our systems for security anomalies and threats.
  • Intrusion Detection: Advanced intrusion detection systems to identify unauthorized access attempts.
  • Vulnerability Scanning: Regular automated scanning for known vulnerabilities.
  • Log Analysis: Centralized logging with automated analysis for suspicious patterns.

Compliance & Certifications

We maintain compliance with industry standards and are working toward additional certifications:

SOC 2 Type II

Infrastructure providers certified

PCI DSS

Payment processing compliant via Stripe

GDPR Ready

EU data protection compliance

CCPA Compliant

California privacy rights supported

Incident Response

We have documented procedures for responding to security incidents:

  • Response Team: Dedicated security personnel with defined roles and responsibilities for incident handling.
  • Notification: We will notify affected customers of security incidents within 72 hours of confirmation, in accordance with applicable laws.
  • Post-Incident Review: All incidents are reviewed to identify root causes and implement preventive measures.

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue:

How to Report

  • Email us at security@zduhac.com
  • Include detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • We will acknowledge receipt within 48 hours

Security Contact

For security-related questions or concerns, please contact our security team:

Email: security@zduhac.com

For urgent security matters: security-urgent@zduhac.com

Your Security is Our Priority

We continuously invest in security measures to protect your data. If you have questions about our security practices, please don't hesitate to reach out.