Security & Compliance

Your data and your customers' data, protected.

We understand that entrusting customer communications to a third party requires solid guarantees. Here are ours.

GDPR

Signed DPA with every provider. SCCs for international transfers. Option to disable recordings, automatic PII scrubbing, and configurable retention. For strict data sovereignty requirements, on-premise deployment available.

Encryption

All recordings and data in transit encrypted with TLS 1.2+. Data at rest encrypted with AES-256.

99.9% SLA

Service availability commitment backed by 24/7 monitoring and automated alerting.

Full Audit Trail

Every interaction is logged: recording, transcription, data accessed, actions executed. Complete traceability.

Data Minimisation

We only process the data strictly necessary for each interaction. No unnecessary retention of sensitive data.

How we protect your data

Recordings & Transcripts

  • Encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access control. Your team and ours only (for optimisation purposes)
  • Configurable retention policy: you decide how long data is kept
  • On-demand deletion at any time

Integration with Your Systems

  • API connection with OAuth 2.0 or API key authentication
  • Data flows between your system and the agent in real time, with no intermediate storage
  • Access credentials managed with encryption and periodic rotation
  • Access logs available to your IT team

Regulatory Compliance

  • GDPR (General Data Protection Regulation)
  • LOPDGDD (Spanish Organic Law on Data Protection and Digital Rights)
  • Call recordings compliant with applicable regulations
  • Configurable recording consent notice at the start of each call

Team & Processes

  • All team members sign a non-disclosure agreement
  • Conversation review limited to agent optimisation, with restricted access
  • Continuous technology updates to minimise errors and vulnerabilities
  • Documented incident response plan

Does your legal team need more information?

We engage directly with your DPO or legal department to address any questions about data protection, regulatory compliance, or technical requirements.