Security First

How we protect your call data

Honest, plain-English security. We use established cloud providers, encrypt data in transit, scope access by organization, and tell you when something goes wrong. No exaggerated certification theater.

How We Protect Your Data

Multiple layers of security controls work together to keep your data safe at every stage.

Infrastructure

Our platform is hosted on modern cloud infrastructure with network isolation, automatic scaling, and redundancy across availability zones for reliable uptime.

Encryption in Transit

All data transmitted between your browser, our APIs, and our servers is encrypted using TLS 1.3 with strong cipher suites. We enforce HTTPS across all endpoints and use HSTS headers to prevent downgrade attacks.

Encryption at Rest

Data stored in our databases and backups is encrypted at rest using industry-standard encryption provided by our managed database and cloud infrastructure providers.

Access Controls

Role-based access control (RBAC) is applied throughout the platform with Owner, Admin, and Member roles. Sign-in supports password + phone verification or Google OAuth. Sessions are scoped per organization so customer data stays isolated by tenant.

Activity Logging

Significant actions across the platform are logged: authentication events, call transcripts, appointment changes, and API calls. Logs are retained for as long as the data they relate to.

Data Protection

We take regular automated backups of our managed PostgreSQL database. In a disaster, we restore from the most recent backup; we aim to keep customer downtime to a minimum and notify affected accounts during any incident.

Spam & Fraud Prevention

Multi-signal spam detection analyzes every incoming call using carrier risk scoring, VoIP line detection, caller ID verification, and call frequency patterns to automatically block robocalls, telemarketers, and fraudulent callers in real time. Custom blocklists and intelligent composite scoring keep your business protected.

Data Protection and Privacy

We take data protection seriously and build privacy considerations into every part of the platform.

Secure by Design

We follow security best practices across our infrastructure, application code, and operational processes, including encryption, access controls, and regular reviews.

Privacy Rights

We support data privacy rights including access, deletion, and portability requests for all users, including California residents under the CCPA.

Security Practices in Detail

Application Security

Our development team follows secure coding practices including input validation, parameterized queries, output encoding, and the principle of least privilege. We conduct regular code reviews with a security focus and use automated static analysis tools to detect vulnerabilities before deployment.

Network Security

Our application runs behind the network protections of our managed cloud and CDN providers, including TLS termination, rate limiting, and the platform-level abuse mitigations they offer by default. All traffic between your browser and our services is encrypted in transit.

Operator Security

Access to production systems is limited to the operators who build and maintain DialCloud and is restricted on a need-to-know basis. Production access is logged. We expect every team member who touches customer data to follow basic security hygiene: strong unique passwords, device locks, and prompt revocation on departure.

Incident Response

We maintain a comprehensive incident response plan that includes detection, containment, eradication, and recovery procedures. Our team conducts regular tabletop exercises and post-incident reviews to continuously improve our response capabilities. We will notify affected customers within 72 hours of confirming a data breach.

Vendor Security

We evaluate the security practices of third-party vendors and sub-processors before integrating them. Our key infrastructure partners include established providers for hosting, payments (Stripe), and telephony (Twilio), all of which maintain their own independent security certifications.

Vulnerability Disclosure Program

We value the work of security researchers who help keep our platform safe. If you have discovered a security vulnerability in DialCloud, we encourage you to report it responsibly. Please send details to [email protected].

When reporting, please include a detailed description of the vulnerability, steps to reproduce it, and any potential impact. We commit to acknowledging reports within 24 hours and providing an initial assessment within 5 business days. We ask that you give us a reasonable time to address the issue before making any public disclosure.

24-hour acknowledgment | 5-day initial assessment | Responsible disclosure

Have security questions?

Our team is here to help. Whether you want to discuss our security practices or data handling, or have specific questions about how we protect your information, we are happy to assist.