How we handle your data

What we store, how long we keep it, and how it's protected.

Written By Catherine Weir

Last updated About 3 hours ago

Transparency about your data matters to us. Here's what we store, how long, and how it's protected.

What we store

Message content: 30 days by default (extendable on Enterprise plans)
Call recordings (when enabled): 30 days by default
Call metadata (who called whom, when, duration): 24 months
Consent records: retained indefinitely (compliance requirement)
Opt-out records: retained indefinitely

How it's protected

All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
SOC 2 Type II attestation renewed annually
HIPAA-compliant infrastructure available on Enterprise plans with BAA
Regular third-party penetration testing
Role-based access control with full audit logs

Your rights

Export any of your data via API or dashboard
Request deletion of specific records (subject to regulatory retention rules)
Request a compliance attestation report for your own records