- Home
- Security
Security
Security and data privacy
Your conversations are sensitive data, and the platform is built for that: full account isolation, options to process inside your own perimeter, your own keys for AI, and signed integrations. Access to a recording belongs only to its owner and to whoever they've shared it with.
Full account isolation
One account's data is inaccessible to another. The 2026-06 and 2026-07 security audits found no cross-account leaks.
- Access to a recording belongs only to its owner and those they've shared it with.
- AI copilot tools are hard-scoped to the selected recordings.
- Isolation is enforced at the data-query level.
On-prem worker — audio never leaves your perimeter
A self-hosted worker runs recognition and diarization on your own hardware, locally. Files don't go to the platform cloud.
- Download → run it yourself → pair with a code.
- Local processing with no per-minute billing.
- The on-prem Asterisk agent works behind NAT over an outbound HMAC connection.
Your own LLM and STT keys
Connect your own model keys — processing goes through your provider account, and the platform is not a data intermediary.
- LLM: OpenAI, Anthropic, DeepSeek, Gemini, Mistral and OpenAI-compatible endpoints.
- STT: Deepgram, AssemblyAI, Speechmatics and others via key.
- Local models (Ollama/vLLM/Vosk) — data never leaves your network.
Signed webhooks and OAuth
Integrations are protected: outbound webhooks are HMAC-signed, MCP access uses OAuth 2.1, and there's SSRF protection.
- Signed HMAC POST — the receiver verifies the data's authenticity.
- OAuth 2.1 for the MCP server and token auth for the REST API.
- SSRF protection on paths where the platform fetches your URLs.
A granular access model
Share exactly what you need: individual recordings, tags or metrics — not the whole account.
- Sharing by recording, tag and metric.
- The owner grants and revokes access.
- Sharing one thing doesn't open the rest of the archive.
Key facts
- Isolation
- Full account isolation; the 2026-06 and 2026-07 audits found no cross-account leaks.
- On-prem
- A self-hosted worker and an on-prem Asterisk agent — audio never leaves your perimeter.
- Your keys
- Bring-your-own LLM and STT keys; local models are supported.
- Integrations
- HMAC-signed webhooks, OAuth 2.1 for MCP, and SSRF protection.
- Certifications
- We don't yet hold formal certifications (SOC 2 / ISO) — and we don't claim any.
FAQ
Security questions
Can another account see my recordings?
No. Accounts are fully isolated: access to a recording belongs only to its owner and to whoever they've explicitly shared it with. The 2026-06 and 2026-07 security audits found no cross-account leaks.
Can I process audio so it never goes to the cloud?
Yes. A self-hosted worker runs recognition and diarization locally on your hardware, and the on-prem Asterisk agent connects over an outbound HMAC channel from behind NAT — files stay inside your perimeter.
How are integrations protected?
Outbound webhooks are HMAC-signed so the receiver can verify the data's authenticity; MCP server access uses OAuth 2.1; and paths where the platform fetches your URLs have SSRF protection enabled.
Do you have certifications like SOC 2 or ISO?
We don't hold formal certifications yet, and we don't claim any. Security is provided through account isolation, on-prem processing options, your own keys and signed integrations.
Ready to start?
Turn every conversation into data, knowledge and action
Start by analyzing your conversations — no risk, no bots required. The platform turns your archive into data and a knowledge base, and voice agents plug in when you're ready.
Free plan, no card required.