Security at AI Secretary 360
We take the security of your business communications and customer data seriously. Here's how we protect your information.
Our Security Commitment
Security is a core part of how we build and operate AI Secretary 360 — not an afterthought. We follow industry best practices and continuously improve our security posture. Your trust depends on us protecting the sensitive business and customer information flowing through our platform, and we take that responsibility seriously.
Infrastructure Security
- ✓ Encryption in transit: All data transmitted between your browser, our app, and our servers is encrypted using TLS 1.2 or higher
- ✓ Encryption at rest: All stored data, including call recordings, transcriptions, and customer information, is encrypted at rest using AES-256
- ✓ Automated backups: Data is backed up regularly with encrypted, offsite storage to ensure business continuity
- ✓ Cloud infrastructure: Hosted on enterprise-grade cloud providers with physical security, redundancy, and 24/7 monitoring
Access Controls
- ✓ Multi-Factor Authentication (MFA): MFA is available and recommended for all accounts, and required for administrative access
- ✓ Role-Based Access Control (RBAC): Access to systems and data is granted based on role and business need, not by default
- ✓ Least privilege: Employees and systems are granted only the minimum permissions necessary to perform their function
- ✓ Access logging: All privileged access is logged and reviewed regularly
Data Protection
- ✓ Tenant isolation: Each business account's data is logically isolated — one customer cannot access another's data
- ✓ Encrypted database: Our database layer uses encryption at rest and enforces row-level security policies
- ✓ Secure deletion: When you delete data or close your account, data is permanently removed from our systems within 30 days
- ✓ No data selling: We never sell your data or your customers' data to third parties
Compliance Roadmap
We are actively working toward formal compliance certifications as our platform matures:
- ◎ SOC 2 Type II — Planned. We are designing our infrastructure and processes to meet SOC 2 requirements and intend to pursue certification as we scale
- ◎ ISO 27001 aligned — Our information security management practices are informed by ISO 27001 standards, including risk assessments and security policies
- ✓ GDPR / CCPA ready — We support data subject rights including access, deletion, and portability requests
Incident Response
We maintain a formal incident response process to handle security events quickly and transparently:
- ✓ 24/7 monitoring of our systems for anomalous activity
- ✓ Dedicated incident response team and runbooks
- ✓ 72-hour notification: In the event of a data breach affecting your information, we will notify you within 72 hours of becoming aware, as required by GDPR and applicable law
- ✓ Post-incident reviews and improvements to prevent recurrence
Responsible Disclosure
We welcome reports from security researchers and the community. If you discover a security vulnerability in our platform, please report it to us privately so we can address it before it is exploited.
Please include a description of the vulnerability, steps to reproduce, and the potential impact. We commit to:
- Acknowledge your report within 2 business days
- Investigate and provide an estimated timeline for resolution
- Credit researchers who report valid vulnerabilities (with their permission)
Report security vulnerabilities to: security@aisecretary360.com