HIPAA | PCI

✅ Here's How We Address It

• Secure Credential Storage: We securely store credentials like API keys and access tokens necessary to connect with third-party services. These are encrypted and accessible only to the our systems that need them to operate the service.

• Data Minimization: We implement data minimization practices to only collect and process the data needed for the service.

• Limited Access: Only authorized systems have access to credentials.

• Encryption: We use end-to-end encryption for data in transit and secure storage with encryption at rest.

• HIPAA Compliance: For sensitive applications like healthcare, when we enable HIPAA compliance with BAA, this ensures that no call logs, recordings, or transcriptions are stored by us, mitigating the risk of sensitive data being exposed. An end-of-call report message is generated for a customer to store on their server for record-keeping.

• Secure Handling of Payment Data: PCI compliance is enabled, which allows for storing recordings in a PCI-compliant cloud storage solution or receiving transcripts through webhooks, ensuring sensitive financial data is handled securely and not retained without proper configuration.

• We, by default, record and store logs and transcriptions for service quality improvement.

• To ensure privacy, particularly in sensitive scenarios, it is crucial to review and adjust the data retention and HIPAA compliance settings for ALL agents, according to your specific needs.

• Even with security measures in place, it is essential to follow best practices for data security, such as educating employees on security awareness and conducting regular audits.