Inputly.AI is built on a foundation of rigorous security controls, third-party audits, and regulatory compliance — so you can focus on your business, not worry about your data.
We invest in third-party audits and certifications so you don't have to take our word for it.
We are actively working toward SOC 2 Type II certification. Our security controls are built to meet all five trust service criteria. Expected completion: Q4 2026.
All payment card data is processed exclusively through Stripe and Square — both PCI-DSS Level 1 certified payment processors. Card numbers never pass through Inputly servers or storage.
Full compliance with EU General Data Protection Regulation and California Consumer Privacy Act. Data residency options available for EU customers.
Multiple layers of protection defend your data at every stage.
AES-256 at rest, TLS 1.3 in transit. All voice recordings and conversation data encrypted with unique per-tenant keys.
Role-based access control (RBAC) with multi-factor authentication required for all admin accounts. Least-privilege principle enforced.
24/7 automated threat detection, anomaly alerting, and a dedicated security operations team responding to incidents around the clock.
Automated daily backups with geo-redundant storage. Point-in-time recovery available. RTO < 4 hours, RPO < 1 hour.
Annual third-party penetration tests performed by CREST-certified security firms. Critical findings remediated within 24 hours.
Immutable audit trails for all data access, configuration changes, and administrative actions. Exportable for compliance reporting.
Complete tenant data isolation. Your business data is logically separated from all other customers and never shared or commingled.
OWASP Top 10 mitigations, static analysis scanning in CI/CD pipeline, and mandatory security code review for all production deployments.
We maintain a documented, tested incident response plan. Any confirmed security incident is contained within 1 hour, investigated within 24 hours, and communicated to affected customers promptly with full transparency.
We operate a responsible disclosure program. If you discover a potential security issue, contact us at security@inputly.ai. Critical vulnerabilities are patched within 24 hours, high severity within 7 days.
Call recordings are retained for 90 days by default (configurable). Analytics data retained for 2 years. Upon account termination, all data is permanently deleted within 30 days. Deletion certificates provided upon request.
All employees undergo background checks and mandatory security training at onboarding and annually. Access to customer data is limited to engineers with a direct business need, all activity logged and reviewed.
We guarantee 99.99% uptime (less than 52 minutes downtime per year) for voice AI services. Infrastructure runs across multiple cloud availability zones with automatic failover. Real-time status at status.inputly.ai.
We maintain a current list of all third-party subprocessors, including cloud infrastructure, telephony, and AI model providers. Each subprocessor is contractually required to maintain equivalent security standards. Available upon request.
Our security team is happy to answer questions, provide compliance documentation, or schedule a security review call for enterprise prospects.