Security & Compliance
Security is built into every layer of Movoice AI. Voice AI handling customer conversations requires the highest level of data protection and regulatory compliance.Data Encryption
- At Rest: All customer data — call recordings, transcripts, and agent configs — are encrypted using AES-256.
- In Transit: All data between your app, our servers, and AI providers is secured via TLS 1.2+.
Provider Security
We partner only with infrastructure providers that maintain rigorous standards:| Provider | Handles | Certifications |
|---|---|---|
| Twilio / Exotel | Telephony | SOC 2, ISO 27001 |
| Vercel & AWS | Compute | SOC 2 Type II |
| Convex | Database | Encrypted by default |
Compliance Standards
| Standard | Status | Notes |
|---|---|---|
| GDPR | ✅ Compliant | Full support for right to access, rectify, and delete data |
| Indian DPDP | ✅ Compliant | Adherence to the Digital Personal Data Protection Act (2023) |
| SOC 2 Type II | 🟡 In Progress | Currently undergoing formal audit |
| HIPAA | 🟡 In Progress | Dedicated BAA available for healthcare clients on Enterprise plans |
Data Residency
For Indian clients, Movoice AI offers Local Data Residency:- Storage: Call records and business data never leave Indian territory.
- Processing: Regional compute clusters in Mumbai ensure compliance with local financial and data protection laws.
Admin Security Features
- API Key Scoping: Create keys with limited permissions (e.g., read-only access to transcripts).
- Audit Logs: Every administrative action in your account is logged with timestamp and IP.
- Auto-Deletion: Configure retention policies to automatically delete recordings after 30, 60, or 90 days.
- SSO: Enterprise plans support SAML-based Single Sign-On.
To report a security vulnerability or request our latest SOC 2 report, contact security@movoice.ai.