Compliance & Certifications

SOC 2 Type II Certified

We are SOC 2 Type II certified, demonstrating our commitment to:

• Security - Protection against unauthorized access
• Availability - System uptime and reliability
• Processing Integrity - Accurate and timely processing
• Confidentiality - Protection of sensitive information
• Privacy - Proper collection and use of personal data

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for all European customers, ensuring proper data handling, consent management, and user rights protection.

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA), providing California residents with enhanced privacy rights and data transparency.

HIPAA Ready

For healthcare-related service businesses, we offer HIPAA-compliant configurations with Business Associate Agreements (BAA) available upon request.

Data Encryption

All data is encrypted both in transit and at rest:

• TLS 1.3 for data in transit
• AES-256 encryption for data at rest
• End-to-end encryption for call recordings
• Secure key management with AWS KMS

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud providers:

• AWS for compute and storage
• Multi-region redundancy
• Automated backups and disaster recovery
• DDoS protection and WAF
• 24/7 security monitoring

Regular Audits

We conduct regular security audits and penetration testing to identify and address potential vulnerabilities. Our security team continuously monitors for threats and implements industry best practices.

Request Compliance Documentation

For detailed compliance documentation, security questionnaires, or to discuss enterprise security requirements, contact our security team:

Email: security@kestrelvoice.com
Security Portal: kestrelvoice.com/security