Trust center
Phone calls are personal. We build like it.
Voice agents handle names, health details, payment context, and private conversations. This page is the living record of how Rayvoc secures that data — what we do today, and what is on the roadmap before general availability.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest for recordings, transcripts, and configuration. SRTP for call media where the carrier leg supports it.
No training on your data
Call audio, transcripts, and prompts are never used for model training. Zero-retention inference with managed providers where supported.
Configurable retention
Per-workspace retention from zero-storage mode to custom windows. Deletion requests honored across backups on a fixed schedule.
Recording consent built in
Automatic consent announcements, jurisdiction-aware consent modes, and PII redaction in stored transcripts.
Least-privilege access
Role-based access control, SSO/SAML for teams, audit logs on every configuration change and data access.
Regional data residency
Choose US or EU storage regions at the workspace level; call media is processed in-region.
Compliance posture
GDPR
Data processing agreements, EU data residency, right-to-erasure workflows, and a maintained records-of-processing register. DPA available on request.
SOC 2 Type II
Controls are implemented and the audit window is underway; we expect the Type II report around general availability. The Type I report will be shared with design partners under NDA.
HIPAA (BAA)
Business associate agreements for healthcare workloads are planned post-GA, building on zero-retention mode and PII redaction. Tell us if this gates your use case — it shapes our ordering.
Calling regulations (TCPA and equivalents)
Outbound tooling ships with consent-list enforcement, calling-hour windows, frequency caps, and AI-disclosure prompts. See outbound calling for details. Compliance configuration remains the customer’s responsibility; we make the safe path the easy path.
Subprocessors
The categories of subprocessors we rely on. The named list is provided with the DPA and updated with notice.
| Category | Purpose | Region |
|---|---|---|
| Cloud infrastructure | Compute, storage, and media servers | US / EU regions |
| Model providers (managed stack) | STT, LLM, and TTS inference for managed-model accounts | Per model provider |
| Payment processor | Billing and invoicing | Global |
| Email provider | Transactional email | US |
Security questions, disclosure reports, or DPA requests: contact us. We respond to security reports within one business day.
Security & privacy FAQ
Is call audio used to train models?
No. Your call audio, transcripts, and agent configurations are never used to train models — ours or anyone else’s. Managed model providers are contractually bound to zero-retention inference where supported.
Where is my data stored and for how long?
Recordings and transcripts are stored encrypted in your selected region. Retention is configurable per workspace — from “store nothing” (transcripts and recordings discarded at call end) to custom retention windows for compliance needs.
Does Rayvoc support recording consent requirements?
Yes. Per-agent recording controls include automatic consent announcements, one-party/two-party consent configurations by jurisdiction, and the ability to disable recording entirely while keeping redacted transcripts.
Can my data stay with my own providers?
Largely, yes — that is a side effect of our architecture. With bring-your-own models, inference happens on your provider accounts under your agreements. With BYOC, call media rides your carrier. Rayvoc orchestrates without becoming a data silo you can’t leave.
Bring your security team's questions
Join the waitlist and we'll include our security overview in your onboarding.