Trust is built into how we work.
We handle sensitive voice data with care from day one · and we’re building toward the formal certifications our customers expect. Everything below is what we publish to your security team without a meeting.
Trust is built into how we work.
We handle sensitive voice data with care from day one · and we’re building toward the formal certifications our customers expect.
How we protect your data today
- Encryption in transit (TLS 1.3) and at rest (AES-256) across all voice and transcript data
- Multi-tenant isolation · every data request is scoped per partner at the database layer
- Partner integration credentials encrypted at rest
- Role-based access controls and audit logging on customer data
- We don't train on your data, and we don't retain conversation content for our own use
Voice-specific safeguards
- Call-recording consent disclosed at the start of every call
- Recordings stored encrypted, accessible only to authenticated partner staff
- Configurable opt-out / do-not-call handling
Where we're headed
- Multi-region data residency with right-to-deletion support, aligned to GDPR / UK GDPR / DPDP
- Configurable data retention controls
- Actively working toward SOC 2
Building in a regulated space? Talk to us and we’ll walk you through our current practices and roadmap · tailored to the regulatory regime your team operates under.
Built inside the rules,
with you.
We operate in real regulatory regimes today · and where our customers go, we go. Here’s what we actively build around, market by market.
- RBI Digital Lending Directions 2025LSP liability · Fair Practices Code · calling-hour limits · agent disclosure · audit trail · no misrepresentation
- TRAI TCCCPR + 2025 amendmentDLT registration · 140-series numbers · DND scrubbing
- DPDP Act + RulesConsent capture · data residency · deletion rights · soft enforcement now, hard May 2027
- CBUAE Law 2025Licensing requirement · full compliance by Sept 2026
- CBUAE Consumer Protection Regulation 5.2.5Debt collection conduct standards
- Federal AML/CFT Law (No. 20 of 2018)Anti-money-laundering + counter-financing obligations
- Operational requirementsArabic-language consumer comms · written bank authorisation per assignment
- UK GDPR + Data Protection Act 2018Lawful basis · data subject rights · retention limits
- PECRPrivacy and Electronic Communications Regulations · marketing call rules + consent
- Ofcom rulesAutomated calling, CLI presentation, abandoned-call thresholds
- SOC 2 / ISO 27001Aligned today; actively working toward formal attestation as enterprise demand requires.
- Other jurisdictionsWhatever rules your team operates under · we build into that regulatory space with you. Every new market is a roadmap entry, not a no.
How the platform is built.
Encryption
TLS 1.3 in transit and AES-256 at rest. Customer-managed keys available on enterprise plans.
Tenant isolation
Every data request is scoped per partner at the database layer. Single-tenant + VPC available on request.
Data residency
Multi-region residency across UK (eu-west-2), India (ap-south-1), UAE (me-central-1) and US (us-east-1) with right-to-deletion. New regions stood up per customer demand.
Audit logs
Append-only audit trail on customer data. Exportable to your SIEM. Configurable retention.
No training on your data
Customer voice, transcript and CRM data are never used to train any model · ours or our vendors'.
Vulnerability disclosure
Coordinated disclosure programme · report to security@atilabs.ai and we'll triage within one business day.
Self-serve documentation.
Common questions your team will ask.
Reach our security team.
For audit requests, incident reports, vendor questionnaires or anything else your CISO needs.