Home / Trust Center

Security · Trust Center

Engineered like the infrastructure it is.

A trust layer has to be more trustworthy than what it protects. Security isn't a page on this site — it's the reason the product exists.

SOC 2 Type II in progress Encrypted in transit & at rest Hash-chained audit trail

Controls

The controls behind the promise.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest, keys rotated on a fixed schedule.

SOC 2 program

Type II underway; report available under NDA on request.

Immutable audit logs

Hash-chained, timestamped, exportable as signed JSON.

RBAC & SSO

Role-based access, SAML / OIDC, SCIM provisioning and deprovisioning.

Consent records

Queryable, revocable, retained to your policy and jurisdiction.

Anomaly alerts

Real-time flags on spoofing, rogue agents, and policy drift.

Data residency

Region pinning for regulated deployments; EU and US options.

Least-privilege by default

Scoped API keys, short-lived tokens, no standing broad access.

Responsible disclosure

A published path for researchers and a commitment to fix fast.

Architecture

Inline, but never in the way.

Verification runs inline at call setup and returns a decision in under 200 ms. The audit path is append-only — logs can be written and read, never altered, not even by us.

  • · Append-only, hash-chained event store
  • · No plaintext call audio retained by default
  • · Customer-scoped encryption keys

Subprocessors

Who touches the data.

A current list of subprocessors and their functions is maintained for customers. Material changes are notified in advance under enterprise agreements.

Report a vulnerability

Found something?

We run a responsible-disclosure program and commit to acknowledging valid reports quickly. Reach the security team directly and we'll take it from there.

Due diligence

Send us your security questionnaire.

SOC 2 report and DPA available under NDA