SECURITY · The deal

Read-only on your Voice Platform.

redialer.io needs three things to do its job: list your agents, receive your call events, and place outbound calls when you ask. Everything else — prompts, tools, voice config, anything outside the call envelope — we never touch.

  • SCOPE: Read-only on your agents
  • AT REST: Vault KEK + per-tenant DEK (AES-256-GCM)
  • IN TRANSIT: TLS 1.2+
  • DISCONNECT: Instant, from settings

TL;DR · plain language

In one paragraph.

We hold your Voice Platform API key encrypted at rest (Vault KEK wrapping a per-tenant AES-256-GCM DEK), we verify every webhook delivery with HMAC, we issue a unique webhook URL per agent, and we never write to your Voice Platform account. You can rotate or disconnect from Settings → Workspace at any time, and we drop derived state within minutes. No data resale, no AI-training use of your call data, no silent scope expansion.

§1

What we access.

  • Your Voice Platform agent list. Names, IDs, and the webhook + post-call extraction config we need to verify setup. Read-only via the API key you provided.
  • Call events from your webhook. Caller number, timestamp, the Boolean callback flag, and any reason text your agent supplied. We use it to schedule the redial — nothing else.
  • Outbound call requests we initiate. When the scheduled time hits, we call the Voice Platform's API to fire the redial through your same agent. The agent keeps the original conversation context.
§2

What we never do.

  • No writes to your Voice Platform account. Prompts, tools, voice config, custom functions, agent settings — none of it. The webhook URL and extraction variable you add yourself on the Voice Platform dashboard.
  • No data resale, no third-party sharing. Call data stays in our database, accessible only to your account. We don't pipe transcripts into LLM training, we don't sell aggregated insights.
  • No silent expansion of scope. If we ever need additional API permissions for a new feature, you'll see it on a connect screen and have to opt in.
  • No call recording or live transcription. We don't record audio. We don't transcribe live calls. Anything you see in the dashboard came from a string your Voice Platform supplied in its webhook.
§3

How we protect what we hold.

  • Encryption at rest. Voice Platform API keys are encrypted with a per-tenant data-encryption-key (AES-256-GCM) wrapped by a key-encryption-key held in HashiCorp Vault. We never log the plaintext key, never send it to third parties, and the decrypt path runs only inside the API process.
  • Signed webhooks. Every webhook delivery is HMAC-verified against the agent's signing secret. Replay-protected with a dedup key per delivery — duplicates are dropped, not re-processed.
  • Per-agent webhook URLs. We generate a unique URL for each agent. URLs aren't shared across tenants and aren't recoverable from outside the agent's Voice Platform config.
  • Workspace isolation. Every row in our database is scoped to the tenant that owns it. Workspace-level filtering runs on every read path — neither operators nor their integrations can see another tenant's data.
  • Scoped operational access. Personnel access to decrypted material is limited, audited, and tied to support or incident response.
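
The signed-webhook check described in this list, sketched as an added example (not redialer.io's or the Voice Platform's own code). The signed message layout, the timestamp and delivery-ID fields, the 300-second window, and the in-memory dedup store are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed tolerance; the page states no window


class WebhookVerifier:
    """Verify HMAC-signed deliveries for one agent and drop duplicates."""

    def __init__(self, signing_secret: bytes):
        self._secret = signing_secret
        self._seen = {}  # delivery_id -> timestamp (a shared TTL store in production)

    def sign(self, timestamp: str, delivery_id: str, body: bytes) -> str:
        # Bind timestamp and delivery id to the raw body so neither can be
        # swapped without invalidating the signature (assumed layout).
        msg = timestamp.encode() + b"." + delivery_id.encode() + b"." + body
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def check(self, timestamp, delivery_id, signature, body, now=None) -> str:
        now = time.time() if now is None else now
        try:
            sent = int(timestamp)
        except ValueError:
            return "rejected"
        if abs(now - sent) > MAX_SKEW_SECONDS:
            return "rejected"  # stale or future-dated delivery
        expected = self.sign(timestamp, delivery_id, body)
        # Constant-time comparison; bytes on both sides accepts any input string.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "rejected"
        # Dedup only after authentication, so an unsigned request cannot
        # burn a delivery id and cause the genuine delivery to be dropped.
        if delivery_id in self._seen:
            return "duplicate"
        self._seen[delivery_id] = sent
        return "accepted"


if __name__ == "__main__":
    # Constructed sample values, not real secrets or payloads.
    v = WebhookVerifier(b"constructed-agent-signing-secret")
    body = b'{"caller":"+15550100","callback":true}'
    sig = v.sign("1700000000", "d-1", body)
    print(v.check("1700000000", "d-1", sig, body, now=1700000010))  # accepted
    print(v.check("1700000000", "d-1", sig, body, now=1700000010))  # duplicate
```
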
§4

Encryption in transit.

  • TLS 1.2+ for every public endpoint (browser, API, webhook receive, outbound Voice Platform calls). HSTS with includeSubDomains.
  • Strict CSP on the authenticated application, with hashed inline-script allowances on the marketing surface.
  • Standard hardening headers: X-Frame-Options, X-Content-Type-Options, Referrer-Policy.
§5

Key rotation & disconnect.

You can rotate or disconnect your Voice Platform API key from Settings → Workspace at any time. On disconnect we drop all derived state — webhook URLs, scheduled callbacks, cached agent metadata — within minutes. Soft-deleted workspaces are purged on a 5-minute cron after their grace window.

A workspace deletion runs guards across every job in the worker pool: in-flight fires, stuck-recovery sweeps, and webhook receivers all check tenant + workspace status before proceeding. Once a workspace is disconnected, no further calls are placed against it, period.

§6

Incident response & disclosure.

If you find something that looks like a security issue — unexpected access, an exposed secret, a webhook signature failure that shouldn't happen — please tell us privately first.

Pick the Security category on our contact form and we'll acknowledge within one business day. We won't pursue good-faith researchers who follow this disclosure path.

If we discover an incident that affects your data, we notify affected operators promptly with what we know, what we did, and what we recommend.