Multi-tenant isolation, role-based access, auditability and secure storage.
Access is scoped by organisation and role. Product access can be restricted.
All data is scoped by organisation ID. Queries enforce org_id filtering at the data layer so one organisation cannot access another's data.
Three access levels: master, manager, and agent. Each role sees only the data and actions relevant to their responsibilities.
Users can be restricted to specific products within the organisation, limiting visibility to only the campaigns they manage.
Authentication uses HttpOnly cookies with silent refresh tokens. Sessions are scoped and expire automatically.
Security is designed to support regulated operating environments.
All data transmitted between client and server is encrypted via TLS.
Stored data including transcripts, analysis outputs, and call metadata is encrypted at rest.
Transcripts and analysis outputs are stored in managed infrastructure with access controls and backup policies.
Manager actions can be logged so follow-through is visible.
Manager actions, report generation, coaching sends, and reviews are logged with timestamps and user attribution.
Incoming webhooks are verified using HMAC signatures to prevent spoofing and ensure data integrity.
A defined incident response process covers detection, containment, notification, and post-incident review.
See also: Trust overview, Privacy, and Data Hosting.
Bring a call sample, your scripts or non-negotiables, and your current QA process.
Book a Demo