Tenant isolation
Row-level multi-tenancy on PostgreSQL. Every query scoped by companyId via interceptor.
Trust center
Built with the controls your security team will ask about
CallPulse handles the most sensitive content in your revenue organization — customer conversations. Here’s exactly how we protect it.
SOC 2 Type II — in progressGDPR-readyAES-256 at restTLS 1.2+ in transitTenant-isolatedPII redactionAudit logsDPA available
Encryption at rest
AES-256 on all recordings, transcripts, and database storage.
Encryption in transit
TLS 1.2+ end-to-end. HSTS on all marketing and app domains.
Access control
JWT access tokens (15 min TTL) with refresh token rotation. Account lockout after 5 failed attempts.
LLM data boundary
No call content is used to train shared models. DPA in place with every LLM provider. Opt-out per provider at any time.
PII redaction
Optional automatic redaction of credit cards, SSNs, and custom patterns before transcripts are stored.
Audit logs
Every auth event and every company-scoped admin action logged with actor, IP, and timestamp — exportable.
Backup & DR
Point-in-time recovery on database. Cross-region backups with tested restore playbook.
Need the details?
Request our security whitepaper, DPA, and SOC 2 roadmap from sales.
Request security pack