Home / Trust Center
Security · Trust Center
Engineered like the infrastructure it is.
A trust layer has to be more trustworthy than what it protects. Security isn't a page on this site — it's the reason the product exists.
Controls
The controls behind the promise.
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest, keys rotated on a fixed schedule.
SOC 2 program
Type II underway; report available under NDA on request.
Immutable audit logs
Hash-chained, timestamped, exportable as signed JSON.
RBAC & SSO
Role-based access, SAML / OIDC, SCIM provisioning and deprovisioning.
Consent records
Queryable, revocable, retained to your policy and jurisdiction.
Anomaly alerts
Real-time flags on spoofing, rogue agents, and policy drift.
Data residency
Region pinning for regulated deployments; EU and US options.
Least-privilege by default
Scoped API keys, short-lived tokens, no standing broad access.
Responsible disclosure
A published path for researchers and a commitment to fix fast.
Architecture
Inline, but never in the way.
Verification runs inline at call setup and returns a decision in under 200 ms. The audit path is append-only — logs can be written and read, never altered, not even by us.
- · Append-only, hash-chained event store
- · No plaintext call audio retained by default
- · Customer-scoped encryption keys
Subprocessors
Who touches the data.
A current list of subprocessors and their functions is maintained for customers. Material changes are notified in advance under enterprise agreements.
Report a vulnerability
Found something?
We run a responsible-disclosure program and commit to acknowledging valid reports quickly. Reach the security team directly and we'll take it from there.
Due diligence
Send us your security questionnaire.
SOC 2 report and DPA available under NDA