Security

How we protect your data and maintain the security of our platform.

Last Updated: January 19, 2026

Our Security Commitment

CallSphere is committed to protecting your data. We implement security measures appropriate for a growing SaaS platform and continuously work to improve our security posture. Security documentation is available on request for prospective enterprise customers.

Data Encryption

  • In Transit: All data transmitted to and from our services uses TLS/HTTPS encryption.
  • At Rest: Data at rest is encrypted where supported by our cloud infrastructure providers (AWS, Vercel).

Access Controls

  • Role-Based Access: Access to customer data is restricted to authorized personnel based on job function.
  • Admin Logging: Administrative actions are logged for security monitoring and audit purposes.
  • Principle of Least Privilege: Team members are granted the minimum access necessary to perform their duties.

Infrastructure Security

  • Cloud Hosting: Our services are hosted on reputable cloud providers (AWS, Vercel) that maintain their own security certifications.
  • Database Security: Production databases are isolated and access is restricted.
  • Regular Updates: We regularly update dependencies and apply security patches.

Payment Security

Payments are processed by PCI-DSS compliant providers (e.g., Stripe). We do not store credit card numbers, CVVs, or other sensitive payment details on our servers. All payment data is handled directly by our payment processor.

AI and Data Handling

  • Third-Party AI Providers: We use OpenAI and other AI providers to power our voice and chat agents. Data sent to these providers is subject to their respective privacy policies.
  • Guardrails: We implement guardrails to help keep AI responses on-topic and within defined boundaries.
  • Human-in-the-Loop: Options for human review and escalation are available for sensitive use cases.
  • Response Verification: AI responses may require verification for critical actions. We do not guarantee error-free AI outputs.

Compliance and Certifications

  • SOC 2: Our security program is aligned with SOC 2 principles. A formal SOC 2 audit is planned.
  • HIPAA: HIPAA support is available for healthcare customers with a signed BAA and eligible infrastructure configuration. Contact us for details.
  • GDPR/CPRA: We support GDPR and CPRA rights requests (access, delete, export). A Data Processing Addendum (DPA) is available for business customers.

Incident Response

In the event of a security incident affecting customer data, we will notify affected customers in accordance with applicable laws and our contractual obligations.

Responsible Disclosure

If you discover a security vulnerability in our platform, please report it to us at sagar@callsphere.tech. We appreciate responsible disclosure and will work with you to address any valid security concerns.

Contact Us

CallSphere

Email: sagar@callsphere.tech

For security documentation requests or enterprise security questionnaires, please contact us at the email above.