Data Protection
Encryption, GDPR compliance, and data retention policies that protect customer information.
Encryption
- In transit: All connections use TLS 1.3. HTTP requests are automatically redirected to HTTPS.
- At rest: Database storage and file uploads are encrypted at rest using industry-standard algorithms.
- Secrets: Webhook secrets and API keys are encrypted before storage. Original values cannot be retrieved after creation.
GDPR Compliance
- Data subject rights: access, rectification, erasure, portability, and objection
- Data Processing Agreements (DPA) available on request
- 72-hour breach notification to supervisory authorities
- All data processors are documented and disclosed
Data Retention
- Call recordings are retained for 90 days, then automatically deleted
- Webhook delivery logs are retained for 7 days
- Account data is retained while the account is active and deleted upon request