(Effective Date: Nov 15, 2025)
Security Policy
1. Our Commitment to Security
At Callox, protecting your data is our highest priority. We implement comprehensive security measures to safeguard your call recordings, transcriptions, and personal information.
2. Data Encryption
In Transit:
All data transmitted to and from our servers uses TLS 1.3 encryption
API communications are encrypted end-to-end
Real-time call data is encrypted during transmission
At Rest:
All stored data is encrypted using AES-256 encryption
Database encryption with rotating keys
Encrypted backups with separate key management
3. Infrastructure Security
Cloud Security:
Hosted on enterprise-grade cloud infrastructure (AWS/Google Cloud)
Multi-region redundancy and failover capabilities
Regular security patches and updates
Network segmentation and firewall protection
Access Controls:
Multi-factor authentication for all employee accounts
Role-based access controls with least privilege principles
Regular access reviews and deprovisioning
Secure VPN access for remote operations
4. Application Security
Development Practices:
Secure coding standards and code reviews
Regular security testing and vulnerability assessments
Automated security scanning in CI/CD pipelines
Third-party security audits and penetration testing
Authentication & Authorization:
Strong password requirements
Account lockout protection
Session management and timeout controls
OAuth 2.0 and OpenID Connect standards
5. Data Protection
Privacy by Design:
Data minimization principles
Purpose limitation for data processing
Regular data retention policy enforcement
Automated data deletion capabilities
Backup and Recovery:
Encrypted, geographically distributed backups
Regular backup testing and validation
Disaster recovery procedures with defined RTOs
Business continuity planning
6. Monitoring and Incident Response
24/7 Monitoring:
Real-time security monitoring and alerting
Intrusion detection and prevention systems
Log analysis and anomaly detection
Automated threat response capabilities
Incident Response:
Dedicated security incident response team
Defined escalation procedures
Customer notification protocols
Post-incident analysis and improvements
7. Compliance and Certifications
Standards Compliance:
SOC 2 Type II compliance
GDPR and CCPA compliance
ISO 27001 security management
Regular compliance audits
Industry Standards:
OWASP security guidelines
NIST Cybersecurity Framework
Cloud security best practices
Regular security training for all employees
8. Employee Security
Background Checks:
Comprehensive background verification for all employees
Ongoing security awareness training
Confidentiality and security agreements
Regular security policy updates
9. Vendor Management
Third-Party Security:
Security assessments of all vendors
Contractual security requirements
Regular vendor security reviews
Supply chain risk management
10. Customer Security
Best Practices:
Use strong, unique passwords
Enable two-factor authentication
Regularly review account activity
Report suspicious activity immediately
Keep your devices and software updated
11. Reporting Security Issues
If you discover a security vulnerability, please report it to our security team at security@callox.com. We have a responsible disclosure program and will work with you to address any issues.