Built for enterprise trust
Dialbotix is built with security, privacy, and compliance in mind from the start. We support GDPR (EU/UK) and CCPA/CPRA principles, and are actively working toward SOC 2 readiness.
Core security controls
The controls every customer gets, on every plan.
Encryption in transit
All traffic is HTTPS / TLS 1.3 with strong ciphers. HSTS preloaded.
Encryption at rest
AES-256 for application data; KMS-managed keys; encrypted database backups.
Role-based access
User / admin separation, scoped tokens, least-privilege service accounts.
OAuth + JWT
Short-lived JWTs, signed CSRF state, optional SSO via Google / GitHub / LinkedIn.
Audit logs
Sensitive actions (auth, plan changes, deletions) logged with actor and timestamp.
Abuse defense
Rate-limits on auth, anomaly alerts, automated DNC enforcement, carrier-flag monitoring.
Data residency
Pro plan: pin tenant data to EU (Frankfurt) or US (Virginia / California) regions.
Incident response
We maintain an incident response process and prioritize timely investigation and customer communication based on severity.
Vendor due diligence
We maintain a list of key sub-processors and review them periodically.
AI runtime isolation
Each tenant's AI conversations run in an isolated execution context. Prompts, transcripts, and recordings are processed by third-party AI providers for inference, subject to their respective data handling policies. We design the system to minimize data exposure and use tenant-scoped credentials for voice infrastructure via providers like Vapi and Twilio.
GDPR & ePrivacy compliance (EU/UK)
- Customer Data is processed strictly under your written instructions; full DPA on request at dpo@dialbotix.com.
- EU Standard Contractual Clauses (2021/914) apply to all transfers outside the EEA.
- Article 21 right-to-object requests are handled promptly, typically within 24 hours where possible.
- We follow GDPR breach notification timelines (typically within 72 hours to authorities and without undue delay to customers where applicable).
- EU/UK Article 27 representative available on request for non-EU customers.
CCPA/CPRA & US compliance
- We do not sell personal information. Data handling is designed to align with CCPA/CPRA definitions of “sale” and “sharing.”
- Verifiable consumer requests served at privacy@dialbotix.com.
- Full TCPA, TSR, and state Mini-TCPA enforcement is the responsibility of the calling customer; we provide the tooling (DNC scrubbing, time-of-day windows, internal DNC, AI-disclosure prompts).
Reporting a security issue
We welcome responsible disclosure. Please email security@dialbotix.com with reproduction steps. We aim to acknowledge reports within 24 hours and triage within 72 hours. We will not pursue legal action against good-faith researchers who comply with our disclosure policy.
Need our security questionnaire?
We can share security documentation (including questionnaires and available audit materials) under NDA upon request.
Request our Trust Pack