Security & Trust

At Vociply, security and privacy are not afterthoughts — they are foundational to how we build and operate. Every business that deploys a voice AI agent through our Platform is trusting us with their customers' conversations. We take that responsibility seriously.

Enterprise-Grade Infrastructure

The Vociply Platform is built on carrier-grade telephony infrastructure operating one of the world's largest private IP voice networks. Our infrastructure is independently audited and certified, ensuring that every voice AI deployment benefits from enterprise-grade security, reliability, and compliance from day one.

Vociply's compliance posture is independently verified. Request access to audit reports and certifications below.

Certifications & compliance

Request access to our compliance documentation, audit reports, and security certifications.

Platform security controls

Encryption

✓All data encrypted in transit using TLS 1.2 or higher
✓All data encrypted at rest using AES-256 encryption
✓Call recordings stored in isolated, access-controlled storage

Access controls

✓Role-based access controls (RBAC) limiting data access to authorised personnel
✓Need-to-know basis for all data access
✓Multi-factor authentication (MFA) required on all administrative and internal systems

Security testing

✓Regular security assessments and penetration testing
✓Proactive identification and remediation of vulnerabilities
✓Continuous monitoring of platform security posture

Incident response

✓Formal incident response programme with defined procedures
✓Breach notification to affected Business Customers within 72 hours
✓Post-incident review and remediation

Sub-processor management

✓All third-party sub-processors subject to privacy and security due diligence
✓Bound by data processing agreements enforcing equivalent standards
✓Current sub-processor list available upon request

Responsible telephony

✓Configurable call disclosure prompts for recording consent
✓Business Customers responsible for TCPA and anti-spam compliance
✓Voice agents must not be deployed as emergency services substitutes

Data residency

Enterprise Business Customers with specific data residency requirements — for example, needing call data to remain within a defined geographic region — should contact us at admin@vociply.com to discuss available options.

Report a security issue

If you believe you have discovered a security vulnerability in the Vociply Platform, please report it responsibly to security@vociply.com. We take all reports seriously and commit to investigating promptly.

For SOC 2 reports, BAAs, DPAs, sub-processor lists, or security questionnaires, contact admin@vociply.com.

FAQ

What certifications does Vociply's platform hold?

The Vociply Platform is built on infrastructure certified to SOC 2 Type I & II, SOC 3, ISO 27001:2013, ISO 27701:2019, PCI DSS, and HIPAA-eligible standards. Vociply is also certified under the EU-U.S. Data Privacy Framework.

Are call recordings encrypted?

Yes. All call recordings are encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Recordings are stored in access-controlled storage with configurable retention periods.

Is Vociply GDPR compliant?

Yes. Vociply operates in full compliance with GDPR. Data Processing Agreements are available to all Business Customers, and data subject rights mechanisms are in place for access, rectification, erasure, portability, restriction, and objection.

Does Vociply sell personal data?

No. Vociply does not sell or share personal information as defined under the CCPA/CPRA or any other applicable privacy legislation.

How do I report a security vulnerability?

Email admin@vociply.com with details. We take all reports seriously and commit to investigating promptly. We follow responsible disclosure practices.

Ready to move past a POC?

Book a 30-minute technical demo with a solutions engineer. No slides — we build your first agent live.

Book a technical demo See pricing