Security & compliance, by design

Enterprise voice AI demands enterprise-grade trust. Here's how we protect your data, meet regulatory requirements, and keep your operations secure.

Security Posture

Built for regulated industries

CallD.AI processes sensitive conversations across financial services, healthcare, government, and more. Our security architecture is designed from the ground up to meet the strictest compliance requirements, not bolted on as an afterthought.

We embed regulatory compliance into our AI through constitutional AI guardrails, ensuring every conversation adheres to industry-specific rules automatically.

Certifications & Compliance

Standards we meet and exceed

ISO 27001 *
Information security management system certification covering our policies, processes, and technical controls for data protection.
Australian Privacy Act
Full compliance with the Australian Privacy Principles (APPs), including data sovereignty requirements for Australian customer data.
GDPR
European data protection compliance including data minimisation, right to erasure, and lawful basis for processing across all EU deployments.
HIPAA
Healthcare data handling compliance for our MediCallD vertical, including Business Associate Agreements (BAAs) and PHI protection throughout the call lifecycle.
UK DPA 2018
Full compliance with the UK's post-Brexit data protection framework, covering all UK-based deployments and customer data processing.
NIST CSF
Our security programme is structured around the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover.

* Certification in progress

Data Handling

How we protect your data

Encryption at Rest & In Transit
AES-256 encryption for all stored data and TLS 1.3 for all network traffic. Voice streams are encrypted end-to-end with no unencrypted intermediaries.
Data Residency
Choose where your data lives. We offer data residency in Australia, the US, EU, and UK, with strict geo-fencing and no cross-border transfers without consent.
Automatic PII Redaction
Real-time detection and redaction of sensitive information, including credit card numbers, Medicare details, and tax file numbers, before data reaches storage or analytics.
Retention & Deletion
Configurable data retention policies aligned with your regulatory requirements. Automated deletion workflows with full audit trails for compliance reporting.
Access Controls
Role-based access control (RBAC) with SSO integration, MFA enforcement, and granular permissions. Every data access is logged and auditable.
Audit Logging
Comprehensive, immutable audit logs for every AI decision, conversation event, and system access. Export-ready for regulatory audits and internal reviews.

Infrastructure

Enterprise-grade platform

Cloud Architecture
Multi-region cloud deployment with auto-scaling, redundancy, and disaster recovery. Designed for 99.99% uptime across our entire platform.
Network Security
VPC isolation, WAF protection, DDoS mitigation, and private connectivity options including AWS PrivateLink for enterprise integrations.
Penetration Testing
Regular third-party penetration testing and vulnerability assessments. Responsible disclosure programme for security researchers.
Incident Response
24/7 security monitoring with defined incident response procedures. Committed notification timelines and transparent communication during events.
Business Continuity
Documented BCP and DR plans with regular testing. RPO and RTO targets defined per service tier with automated failover capabilities.
Vendor Management
Rigorous third-party risk assessment for all sub-processors. Contractual security requirements and ongoing monitoring for supply chain integrity.
Platform Uptime SLA: 99.99%
Encryption Standard: AES-256
Data Residency Regions: 4+
Security Monitoring: 24/7

Need more details?

Our security team is happy to walk you through our practices, share audit reports, or answer specific compliance questions.