Security

Our Commitment to Security

Security is foundational to AirVoice. We employ multiple layers of protection to keep your data and your customers' data safe at all times.

Encryption

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. This applies to all customer data including conversation history, knowledge base documents, and account information.

Infrastructure

AirVoice is hosted on SOC 2 Type II certified infrastructure. Our systems are isolated per customer, with strict network controls and no cross-tenant data access.

Access Controls

Access to production systems is restricted to authorized personnel only, enforced through multi-factor authentication and role-based access control. All access is logged and audited.

Vulnerability Management

We conduct regular penetration testing and vulnerability scans. Security patches are applied promptly. We maintain a responsible disclosure program for security researchers.

Data Isolation

Each organization's data is logically isolated. Your agents, conversations, and knowledge bases are never shared with or accessible by other customers.

Incident Response

We maintain an incident response plan and will notify affected customers within 72 hours of discovering a confirmed data breach, in compliance with applicable regulations.

Compliance

AirVoice is designed to support GDPR, CCPA, and SOC 2 compliance requirements. We provide data processing agreements (DPAs) upon request.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly to security@airvoice.ai. We respond to all reports within 48 hours.