Security & Compliance

Last updated: April 2026.

Signed BAA and DPA with our voice-agent provider

We operate under a signed Business Associate Agreement (BAA) and a signed Data Processing Addendum (DPA) with the provider that powers our stack. Customer data that flows through our agents is handled under the same agreements.

Inherited certifications

Our voice-agent infrastructure is secure, and HIPAA-ready. Calls are transported over TLS; recordings and transcripts are encrypted at rest. Your tenant's data is logically isolated using row-level security — every query is scoped to your tenant at the database layer, not just in application code.

Data retention

Call recordings, transcripts, and raw call metadata are automatically deleted 90 days after the call ends. Aggregate analytics (counts, durations, outcomes) are retained to power your dashboard. You can request earlier deletion of a specific call or all of your data at any time; we will complete the deletion and confirm in writing within 7 business days.

Data handling

We do not sell, license, or share customer data with third parties. We do not train general-purpose models on your call content. Audio and transcripts are only processed by our voice-agent provider for the purpose of handling your calls, and by our backend for the purpose of rendering your dashboard, notifications, and CRM integrations.

Incident response

In the event of a security incident affecting customer data, we will be notified by our voice-agent provider within 48 hours under the terms of the BAA. We will in turn notify affected customers in writing within 24 hours of becoming aware, with a description of the scope and the remediation plan, before any public disclosure.

Healthcare add-on

Workspaces that enable the Healthcare add-on are provisioned under a BAA-covered configuration, with strict PHI handling, call-recording controls, and auditable access logs. This add-on is required for any workspace routing patient calls through our agents.

Contact

For security questions, BAA / DPA copies, or compliance documentation, email security@voiceagents.cc.