The Trust Center.
Everything in one place.
SOC 2 reports, BAA, DPA, subprocessor list, pen-test summary, security questionnaire — the whole packet. Most requests fulfilled within one business day.
What we've certified.
Audited annually by independent third parties. Reports refreshed every 12 months.
SOC 2 Type II
Annual audit by an AICPA-registered firm. Covers security, availability, confidentiality, and privacy. Report under NDA.
PCI DSS Level 1
For the payment-handling subset of the platform. Attestation of Compliance on file.
HIPAA-aligned
BAA available on Growth and Scale plans. HITRUST CSF-aligned infrastructure. Self-attestation available now; HITRUST certification underway.
GDPR + UK GDPR
Article 28 DPA with SCCs available. EU representative appointed under Art. 27. EEA data residency available.
CCPA + CPRA
Honor Global Privacy Control. Per-consumer access, deletion, opt-out flows available via the dashboard.
Australian APP
Privacy Act 1988-compliant. Australian data residency available by default for AU customers.
How we operate.
Encryption everywhere
AES-256 at rest with per-customer keys rotated every 90 days. TLS 1.3 in transit. SRTP for call media.
Regional data residency
Sydney, us-east-1, eu-central-1, ap-southeast-1. Pick at setup; locked thereafter.
No training on your data
We do not train foundation models on customer call data. Aggregate statistics only with written consent.
Role-based access
SSO + MFA enforced. Per-role PHI/PII unlock for regulated industries. Audit log retained 12 months.
Incident response
Status page in real time. Affected customers notified within 72 hours; sooner where law requires.
Subprocessors disclosed
Full list at /subprocessors. 30-day notice on any addition.
What's in the packet.
Get the security packet.
Tell us your role and what you need. We respond within one business day with whichever documents apply to your evaluation, under NDA where appropriate.