VocalOps trust centre

Security, privacy, and control for AI phone calls

Evaluate data flows, permissions, and boundaries before giving VocalOps access to a call or connected system.

Canadian French + English • Configurable human handoff • Keep your number when supported by your carrier

At a glance

Defined by the workflow, not only the voice

Phone-agent security depends on the complete workflow: telephony, transcription, knowledge, actions, storage, users, and connected tools.

This page explains our approach and what to verify during scoping. Contractual, technical, and subprocessors controls that apply to your deployment must be confirmed in documentation provided by VocalOps; we do not display an unverified certification.

Outcomes

Design principles

Minimization

Collect only information required by the approved scenario.

Limited access

Give the agent and users necessary permissions without broad access by default.

Controlled actions

Route sensitive writes and transfers through testable rules.

Traceability

Retain outcomes and events needed to investigate and improve service.

Implementation

Pre-launch assessment

  1. 1

    Map

    Document incoming data, destinations, responsible parties, and required duration.

  2. 2

    Limit

    Define fields, permissions, answers, actions, and prohibited scenarios.

  3. 3

    Test

    Verify authentication, errors, integration downtime, and human handoff.

  4. 4

    Review

    Assign an owner and review date to every source and control.

Scenarios

Documents to request

Flow and residency

Processing and storage locations that apply to your configuration.

Retention and deletion

Duration by data type, exceptions, and deletion processes.

Subprocessors and agreements

Applicable list, obligations, DPA, and shared responsibilities.

FAQ

Security questions

Where is data processed?

VocalOps positions the service around Canadian hosting. The exact residency of every component and integration must be confirmed in your deployment documentation.

How long are calls retained?

The privacy policy describes general periods. Your agreement and configuration should identify affected data, exceptions, and deletion.

Does VocalOps make my company PIPEDA or Law 25 compliant?

No single tool makes an organization compliant. Your company must validate consent, notices, purposes, access, retention, and applicable agreements.

How do I request a technical review?

Contact VocalOps to obtain available documents, describe your data, and arrange a review with the appropriate owners.

Plan a security review for your use case

Describe your company’s data, integrations, and obligations before approving scope.