Security & Trust
You are handing us your
sales calls. Here is how
we protect them.
Calliper processes recorded sales conversations. That is sensitive data, and we treat it that way. No vague assurances below, just what we encrypt, who can access it, where it lives, and what we will never do with it.
Encryption in transit and at rest
Every call recording, transcript, and score is encrypted in transit with TLS 1.2 or higher, and encrypted at rest with AES-256. Keys are managed by our cloud provider's key-management service and rotated on a regular schedule.
No recording or transcript is ever written to disk unencrypted, and no data moves between our services over an unencrypted connection.
Role-based access and SSO
Access inside Calliper is governed by roles. A rep sees their own calls, a manager sees their team, an admin controls the account. You decide who sees what, and you can change it at any time.
We support SSO and SAML so your identity provider stays the source of truth. Deprovision someone there and their Calliper access ends with it. Every access event is logged for audit.
Data residency and retention you control
You choose where your data lives. Accounts can be provisioned in a US or EU region so recordings and transcripts stay in the jurisdiction you need.
Retention is yours to set. Define how long calls and transcripts are kept, then let Calliper delete them automatically. Configure redaction to strip sensitive fields, like payment details, before anything is stored or scored.
Your calls never train shared models
This is the line we will not cross. Your recordings, transcripts, and scores are used to serve you, and only you. We do not use your data to train models shared with other customers.
Your playbook, your calls, and the patterns Calliper learns from them stay inside your account. Nothing you upload makes another company's product better.
Consent stays where it already lives
Calliper does not run your call-recording consent flow, and it does not need to. We process recordings your existing systems already captured under your own consent and disclosure process.
In practice, Calliper inherits the consent you obtain at the point of recording. You remain the controller of that data; we act as your processor, bound by contract to handle it only on your instructions.
A deliberately short sub-processor list
We keep sub-processors to the minimum required to run the service: cloud hosting, and the AI processing that scores your calls. We work to keep that list short on purpose.
We maintain a current register of every sub-processor with access to customer data, what each does, and where it operates. It is available under NDA, and we give notice before adding a new one.
Security roadmap, stated honestly
We would rather tell you where we actually are than claim a badge we have not earned. SOC 2 Type II is in progress, not complete. We are working through the controls and audit period, and we will publish the report when it is issued, not before.
Today the platform runs on encryption, role-based access, SSO, audit logging, least-privilege access for our own team, and regular access reviews. We are happy to walk through it in detail.
Reaching the security team
Security questions, questionnaires, and vulnerability reports go to a real team, not a general inbox. Reach us at [email protected] or through the contact form.
Larger buyers can request our security package, including our sub-processor register, data-flow overview, and a mutual NDA, before any call data is uploaded. We expect the security review to be part of your evaluation.
Still evaluating? Talk to the people who built it.
Send your security questionnaire to [email protected], or request our full security package and mutual NDA before a single call is uploaded.