Security · Trust Center

Built for enterprise trust

Dialbotix is built with security, privacy, and compliance in mind from the start. We support GDPR (EU/UK) and CCPA/CPRA principles, and are actively working toward SOC 2 readiness.

GDPR
EU/UK ready
CCPA / CPRA
California
SOC 2 readiness
In progress
Security roadmap
Production-grade controls

Core security controls

The controls every customer gets, on every plan.

Encryption in transit

All traffic is HTTPS / TLS 1.3 with strong ciphers. HSTS preloaded.

Encryption at rest

AES-256 for application data; KMS-managed keys; encrypted database backups.

Role-based access

User / admin separation, scoped tokens, least-privilege service accounts.

OAuth + JWT

Short-lived JWTs, signed CSRF state, optional SSO via Google / GitHub / LinkedIn.

Audit logs

Sensitive actions (auth, plan changes, deletions) logged with actor and timestamp.

Abuse defense

Rate-limits on auth, anomaly alerts, automated DNC enforcement, carrier-flag monitoring.

Data residency

Pro plan: pin tenant data to EU (Frankfurt) or US (Virginia / California) regions.

Incident response

We maintain an incident response process and prioritize timely investigation and customer communication based on severity.

Vendor due diligence

We maintain a list of key sub-processors and review them periodically.

AI runtime isolation

Each tenant's AI conversations run in an isolated execution context. Prompts, transcripts, and recordings are processed by third-party AI providers for inference, subject to their respective data handling policies. We design the system to minimize data exposure and use tenant-scoped credentials for voice infrastructure via providers like Vapi and Twilio.

GDPR & ePrivacy compliance (EU/UK)

  • Customer Data is processed strictly under your written instructions; full DPA on request at dpo@dialbotix.com.
  • EU Standard Contractual Clauses (2021/914) apply to all transfers outside the EEA.
  • Article 21 right-to-object requests are handled promptly, typically within 24 hours where possible.
  • We follow GDPR breach notification timelines (typically within 72 hours to authorities and without undue delay to customers where applicable).
  • EU/UK Article 27 representative available on request for non-EU customers.

CCPA/CPRA & US compliance

  • We do not sell personal information. Data handling is designed to align with CCPA/CPRA definitions of “sale” and “sharing.”
  • Verifiable consumer requests served at privacy@dialbotix.com.
  • Full TCPA, TSR, and state Mini-TCPA enforcement is the responsibility of the calling customer; we provide the tooling (DNC scrubbing, time-of-day windows, internal DNC, AI-disclosure prompts).

Reporting a security issue

We welcome responsible disclosure. Please email security@dialbotix.com with reproduction steps. We aim to acknowledge reports within 24 hours and triage within 72 hours. We will not pursue legal action against good-faith researchers who comply with our disclosure policy.

Need our security questionnaire?

We can share security documentation (including questionnaires and available audit materials) under NDA upon request.

Request our Trust Pack