Security
How we protect your data and your customers
SOC 2 Type II
HIPAA Ready
GDPR Compliant
PCI-DSS Level 1
Infrastructure
- Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Geographically distributed with automatic failover
- Network isolation between customer environments
Voice and Data Security
- Call audio is encrypted end-to-end during processing
- Voice data is processed in-memory and not persisted beyond the session unless explicitly configured
- Call recordings, when enabled, are stored in encrypted, access-controlled storage
- Personally identifiable information (PII) can be automatically redacted from transcripts
Access Controls
- Role-based access control (RBAC) for all platform features
- Multi-factor authentication (MFA) enforced for all accounts
- Audit logging of all administrative actions
- Principle of least privilege applied across all internal systems
Compliance
CallRabbit maintains compliance with industry standards relevant to voice AI and telecommunications:
- SOC 2 Type II — Independently audited security controls
- HIPAA — Business Associate Agreements available for healthcare clients
- GDPR — Full data subject rights support for EU customers
- PCI-DSS Level 1 — Secure handling of payment-related interactions
- TCPA — Built-in compliance tools for outbound calling regulations
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a potential issue, please email info@callrabbit.ai with details. We commit to acknowledging reports within 48 hours and providing resolution timelines within 5 business days.
Questions
For security inquiries or to request our SOC 2 report, contact info@callrabbit.ai.