We treat your prospect data, call recordings, and CRM access the way your security team expects — documented, encrypted, and auditable.
Access reviews, audit logging, and vendor risk policies modeled to SOC 2 Type II criteria. Full report available under NDA.
TLS 1.2+ in transit and AES-256 at rest. Call recordings stored in encrypted, region-locked buckets with short retention.
DPA available on request. Subject access, deletion, and opt-out requests honored within 30 days across every campaign.
Caller and ops access scoped per-client. MFA enforced. Quarterly access reviews and immediate offboarding on role change.
Every dialer signs an NDA and completes background screening before touching a client list.
24-hour disclosure SLA on any data event. Documented runbook, root-cause review, and customer notification within one business day.
TCPA
B2B calls only, consent-based mobile outreach, DNC scrubbing before every dial cycle, full call recording retention for evidence.
GDPR / UK GDPR
Legitimate-interest assessments for EU/UK outreach, opt-out honored immediately, EU-hosted dialers when required.
CCPA / CPRA
Do-not-sell honored, deletion requests processed within 30 days, consumer rights portal forwarded to client DPO.
CAN-SPAM
Identifiable sender, physical address, working unsubscribe in every follow-up email sequence.
PCI
We do not collect or transmit cardholder data. Payment links are issued by clients directly.
ISO 27001 aligned
Information security management practices modeled to ISO 27001 controls. Certification roadmap shareable on request.
We'll send the DPA, subprocessor list, SOC 2 report, and pen-test summary within one business day.
Book a Free Strategy Call