Calls and customer data run through VoxPro every day. Protecting them is the job. Here's how we do it.
Encryption
All traffic between your browser, your callers, and VoxPro is encrypted in transit using TLS 1.2 or higher. Call recordings, transcripts, and customer records are encrypted at rest using AES-256 in our cloud storage.
Infrastructure
VoxPro runs on hardened cloud infrastructure operated by reputable providers (including AWS and Vercel) with SOC 2 and ISO 27001 certifications. Production systems live in private networks, isolated from the public internet except through reviewed entry points.
Access controls
- Role-based access — engineers see only what they need to do their jobs.
- Multi-factor authentication is required for all internal admin tools.
- Production access is logged and reviewed.
- Customer data access is limited to support and engineering staff with a documented reason.
Call data handling
Audio, transcripts, and call metadata are processed only to deliver the service to you and the features you've enabled (booking, follow-up, reporting). Call recordings are retained for 90 days by default and can be deleted earlier on request. We do not sell call data and we do not use it to train third-party foundation models.
Sub-processors
We use a small number of vetted vendors to deliver the service — telephony, cloud hosting, AI inference, and email/SMS gateways. Each operates under a written agreement that includes confidentiality and security obligations. A current list is available on request.
Software development
- Code is reviewed before it ships to production.
- Dependencies are monitored for known vulnerabilities and patched promptly.
- Secrets are never stored in source control.
- Production deployments are automated, audited, and reversible.
Backups & resilience
Customer data is backed up regularly with point-in-time recovery. We test restore procedures so a backup is more than a hopeful filename in a bucket.
Incident response
If we detect a security incident that affects you, we will notify you without undue delay and share what we know, what we're doing, and what you should do. We keep an internal runbook and on-call rotation for security events.
Compliance posture
We follow industry best practices for SaaS security and are progressing toward formal SOC 2 Type II attestation. We can sign DPAs with customers that need them. For health, finance, or other regulated workloads, contact us first — VoxPro is not currently certified for HIPAA or PCI environments.
Reporting a vulnerability
If you believe you've found a security issue, please email info@getvoxpro.com with the details and a way to reach you. We respond to credible reports within two business days and don't pursue legal action against good-faith researchers who follow responsible disclosure.
Contact
For security questions, custom contracts, or sub-processor lists, email info@getvoxpro.com or call +1 (972) 645-4982.