Security
Boring — on purpose.
Security is easy to talk about and hard to deliver. Here's the truth about what we do, what we don't, and what's next.
Data isolation
Every customer's data lives in its own logical tenant, keyed on org_id. Row-level policies enforce isolation at the database layer, not just the app layer.
Encryption
TLS 1.3 in transit. AES-256-GCM at rest. Envelope-encrypted secrets via cloud KMS. Zero plaintext credentials on disk.
PII redaction
All transcripts pass through a Presidio + custom-pattern redactor before persistence. Names, phone numbers, SSN, CC — never stored raw.
Access control
SSO (Okta, Google Workspace, Azure AD) on Team+. Fine-grained roles: viewer, editor, admin. Every access is audit-logged.
Model training
Your data is never used to train models — ours or any vendor's. BYO LLM keys route directly, bypassing our proxy entirely.
Incident response
24/7 on-call rotation. Notification within 72 hours for any incident affecting customer data. Postmortems public by default.
Certifications & compliance
Where we are — and where we're headed.
- SOC 2 Type II
- In audit · report expected Q4 2026
- GDPR
- DPA available on request · EU data residency on Team+
- HIPAA
- BAA available on Enterprise · roadmap Q1 2027
- ISO 27001
- Planned 2027
Responsible disclosure
Found something? Tell us.
Report vulnerabilities to security@telepace.com. We acknowledge within 24 hours, triage within 72, and pay bounties starting at $500 for confirmed issues (up to $10k for critical).
PGP key: 0xA1B2C3D4E5F6 · fingerprint on keys.openpgp.org.