Security

Your data security is our top priority. We maintain enterprise-grade security practices to protect every call and conversation.

Australian Privacy Act

Aligned with the Australian Privacy Principles (APPs) under the Privacy Act 1988

GDPR Aligned

Data subject rights, lawful basis tracking, and breach notification workflow

CCPA Aligned

Right-to-know, right-to-delete, and no sale of personal information

PII Redaction

Automatic detection and redaction of sensitive information in transcripts

How We Protect Your Data

Encryption

Data is encrypted in transit with TLS 1.3. Sensitive credentials and OAuth tokens are encrypted at the application layer, and data at rest is encrypted by our managed database and storage providers. Call recordings are access-controlled per tenant.

Infrastructure

Hosted on managed cloud infrastructure with automated backups, redundancy across availability zones, and a 99.9% uptime target.

Access Control

Role-based access control (RBAC), SSO/SAML integration for enterprise, multi-factor authentication, and audit logging of all administrative actions.

Data Handling

Tenant-isolated data storage, automatic PII redaction in transcripts, configurable data retention policies, and GDPR-compliant data export and deletion.

Application Security

Regular penetration testing, dependency vulnerability scanning, a secure development lifecycle (SDLC), and a responsible disclosure program.

Network Security

Web application firewall (WAF), DDoS protection, rate limiting, and API authentication with scoped access tokens.

Report a Vulnerability

We take security issues seriously. If you discover a vulnerability, please report it responsibly.

security@karmasai.com