Security

Protecting your data is our top priority. Learn about the measures we take to keep your information safe.

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. API keys and sensitive credentials are stored using industry-standard key management systems.

Infrastructure Security

Our infrastructure is hosted on AWS with multi-region redundancy. We leverage VPCs, security groups, and a WAF to protect against unauthorized access and DDoS attacks.

Access Controls

We implement strict role-based access controls (RBAC) with the principle of least privilege. All administrative access requires multi-factor authentication (MFA).

Monitoring & Logging

We maintain comprehensive logging of all system activities with real-time monitoring and alerting. Logs are retained for a minimum of 12 months and are tamper-proof.

Incident Response

We maintain a documented incident response plan with defined roles, communication protocols, and recovery procedures. Our team conducts regular tabletop exercises.

Compliance

VeloCalls maintains SOC 2 Type II certification and is GDPR compliant. We undergo regular third-party penetration testing and security audits.

Application Security

Our development team follows secure coding practices based on the OWASP Top 10. Every code change undergoes peer review and automated security scanning before deployment. We maintain a comprehensive suite of security tests that run as part of our CI/CD pipeline.

  • Static Application Security Testing (SAST) on every pull request
  • Dynamic Application Security Testing (DAST) in staging environments
  • Dependency vulnerability scanning with automated alerts
  • Container image scanning before deployment
  • Regular third-party penetration testing (quarterly)

Network Security

Our network architecture is designed with defense in depth. We use Virtual Private Clouds (VPCs) to isolate environments, Web Application Firewalls (WAF) to protect against common attack vectors, DDoS protection through AWS Shield Advanced, intrusion detection and prevention systems (IDS/IPS), and network segmentation to limit blast radius. All internal service-to-service communication is encrypted and authenticated using mutual TLS.

Data Protection

We implement multiple layers of data protection. Database backups are encrypted and stored in geographically separate regions. Call recordings are encrypted with customer-specific keys. Personal data is pseudonymized where possible. Data deletion requests are processed within 30 days with cryptographic verification. We maintain a data classification policy that ensures sensitive data receives appropriate handling throughout its lifecycle.

Compliance Certifications

  • SOC 2 Type II certified
  • GDPR compliant
  • CCPA compliant
  • PCI DSS Level 1 (via payment processor)
  • HIPAA Business Associate Agreements available for healthcare customers

Responsible Disclosure

We value the security research community and welcome responsible disclosure of security vulnerabilities. If you believe you have found a security vulnerability in our Service, please report it to us at security@velocalls.com.

We commit to acknowledging receipt within 24 hours, providing an initial assessment within 72 hours, keeping you informed of our progress, and not pursuing legal action against good-faith security researchers. We do not currently offer a bug bounty program, but we recognize and thank researchers who report valid vulnerabilities.