How we handle your data.

Voice and chat agents run on a small set of vetted infrastructure providers (Retell, OpenAI, Anthropic, ElevenLabs). We do not train models on your data. For HIPAA-covered deployments we sign BAAs with the relevant subprocessors before any PHI moves.

Transcripts, call metadata, and the smallest CRM payload required to deliver the integration. Audio recordings are retained for 30 days by default and deleted on a rolling basis unless you ask us to keep them longer for QA. We collect the minimum necessary to run the system — not a copy of your business.

Data is encrypted in transit with TLS 1.2+ on every connection between callers, our services, your tools, and our model providers. Stored data — transcripts, secrets, and queued payloads — is encrypted at rest using the managed encryption provided by our infrastructure and database providers. Secrets are additionally isolated in a per-client store (see below).

We keep the list of subprocessors short and on purpose: voice and model providers (Retell, OpenAI, Anthropic, ElevenLabs), our hosting and database providers, and the integration endpoints you ask us to connect (e.g. your CRM or FSM tool). We'll send the current, dated subprocessor list with the security questionnaire, and we notify named contacts before adding a subprocessor that touches your data.

Your data is yours. You can request a structured export or full deletion at any time, and on offboarding we delete your data and revoke every credential within 30 days unless a retention obligation (e.g. a signed BAA) requires otherwise. We never sell data and never use it to train third-party models.

Internal access is role-scoped and 2FA-enforced. Only the engineers building or maintaining your deployment have access to your environment. We rotate credentials on project handover and on every team member transition.

API keys and webhook secrets you give us live in a per-client secret store. They are never logged, never committed to a repo, and never reused across clients. On offboarding we revoke and verify.

We currently sign BAAs for HIPAA deployments and follow SOC-2 aligned controls internally. We are not yet SOC-2 audited; if that's a hard blocker for procurement, tell us and we'll walk you through the compensating controls and timeline.

We notify named contacts within 24 hours of a confirmed incident affecting your data, and follow up with a written postmortem within 5 business days. We test the runbook quarterly.