Encryption everywhere
Data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Call audio and transcripts are protected from the moment they're created.
Trust & Security
Security you can build a business on
Every call and every record is protected with encryption, strict access controls, and continuous monitoring β backed by U.S.-based infrastructure.
π AES-256 at rest
π‘οΈ TLS 1.2+ in transit
π SOC 2 Type II (in progress)
π₯ HIPAA-ready (BAA available)
πΊπΈ U.S. data residency
How we protect you
Defense in depth
Security is built into every layer of Callent β from the network to the model.
Access controls
Role-based access, least-privilege permissions, SSO, and mandatory MFA for our team. Every access to production is logged and audited.
Hardened infrastructure
Hosted on leading U.S. cloud providers with isolated environments, network segmentation, automated patching, and 24/7 monitoring.
Testing & monitoring
Continuous vulnerability scanning, regular third-party penetration testing, and real-time alerting on suspicious activity.
Data ownership
Your data is yours. Configure retention, export your records, or request deletion at any time. We never sell your data.
Incident response
A documented incident response plan with defined roles, escalation paths, and customer notification commitments consistent with U.S. breach-notification laws.
01 Data protection
All data transmitted to and from Callent is encrypted using TLS 1.2 or higher. Data at rest β including call recordings, transcripts, and account information β is encrypted with AES-256. Encryption keys are managed through a dedicated key-management service with strict rotation and access policies.
02 Infrastructure
Callent runs on top-tier U.S.-based cloud infrastructure with high availability across multiple availability zones. Production systems are isolated from development and staging, protected by firewalls and network segmentation, and continuously patched. We maintain automated backups with tested recovery procedures.
03 Access & identity
- Least-privilege, role-based access control for all internal systems.
- Mandatory multi-factor authentication (MFA) for employee accounts.
- SSO and SCIM provisioning available for enterprise customers.
- Comprehensive audit logging of administrative and production access.
04 Compliance
We are committed to meeting the standards our customers rely on:
- SOC 2 Type II β examination in progress; report available under NDA upon completion.
- HIPAA β Business Associate Agreements (BAAs) available for healthcare customers handling protected health information.
- CCPA/CPRA & U.S. state privacy laws β see our Privacy Policy for how we honor data rights.
- PCI DSS β payments handled by certified processors; we don't store full card data.
05 Privacy by design
We minimize the data we collect, restrict access to what's necessary, and give you control over retention and deletion. We do not use customer call content to train third-party foundation models, and we never sell customer data. Learn more in our Privacy Policy.
06 Responsible disclosure
We welcome reports from the security community. If you believe you've found a vulnerability, please email security@callent.online with details and steps to reproduce. We commit to acknowledging your report promptly, investigating in good faith, and not pursuing legal action against researchers who act responsibly and avoid privacy violations or service disruption.
Please do not access, modify, or delete data that isn't yours, and give us a reasonable time to remediate before any public disclosure.
Have a security or compliance question?
Our team is happy to walk through our practices, share documentation, or set up a BAA.