Security

Your security is our top priority. Learn about the measures we take to protect your data.

SOC 2 Type II Certified | 99.9% Uptime SLA | 24/7 Security Monitoring

Security Features

Comprehensive security at every layer

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

  • TLS 1.3 for all API communications
  • AES-256 encryption for stored data
  • Encrypted backups with secure key management
  • Perfect forward secrecy enabled

Authentication

Robust authentication mechanisms to protect your account and API access.

  • API key authentication with rotation support
  • OAuth 2.0 integration available
  • Multi-factor authentication (MFA)
  • Session management and timeout controls

Access Control

Fine-grained access control to manage permissions across your organization.

  • Role-based access control (RBAC)
  • IP allowlisting for API access
  • Audit logs for all actions
  • Team member permission management

Infrastructure

Enterprise-grade infrastructure with multiple layers of protection.

  • SOC 2 Type II certified data centers
  • DDoS protection and mitigation
  • Network segmentation and firewalls
  • Regular security patches and updates

Compliance & Certifications

Meeting the highest industry standards

Certified

SOC 2 Type II

Independently audited controls for security, availability, and confidentiality.

Compliant

GDPR

Full compliance with EU data protection regulations.

Compliant

CCPA

California Consumer Privacy Act compliance for California residents.

Available

HIPAA

Available for enterprise customers with BAA agreements.

Security Practices

Proactive measures to keep your data safe

Security Audits

Regular third-party penetration testing and security assessments.

Vulnerability Management

Continuous scanning and prompt remediation of security vulnerabilities.

Bug Bounty Program

We work with security researchers to identify and fix potential issues.

Incident Response

24/7 security monitoring with rapid incident response procedures.

Data Handling & Retention

Audio Data

Audio data processed through our API is not stored by default. Enterprise customers can optionally enable storage for quality assurance purposes with configurable retention periods.

API Logs

API request logs are retained for 30 days to support debugging and analytics. Logs can be configured or disabled based on your compliance requirements.

Data Deletion

You can request deletion of your data at any time. We comply with data deletion requests within 30 days as required by applicable regulations.

Report a Security Issue

We take security issues seriously. If you discover a vulnerability, please report it to our security team. We appreciate your help in keeping our platform secure.

Contact Security Teamsecurity@vagaryvoice.com