Security at DuetDial

Your data security and privacy are our top priorities. Learn about our comprehensive security measures and compliance standards.

Security Overview

At DuetDial, we employ industry-leading security practices to protect your voice data and ensure the integrity of our services. Our multi-layered security approach covers infrastructure, application, and data protection at every level.

Data Encryption

Encryption in Transit

All data transmitted between your applications and our services is encrypted using the TLS 1.3 protocol with strong cipher suites. We enforce HTTPS for all API endpoints and WebSocket connections to prevent eavesdropping and man-in-the-middle attacks.

Encryption at Rest

All stored data, including voice recordings, transcriptions, and metadata, is encrypted at rest using AES-256. Our encryption keys are managed using industry-standard key management systems with automatic key rotation.

Infrastructure Security

  • All infrastructure is hosted in SOC 2 Type II compliant data centers
  • Multi-region redundancy with automatic failover capabilities
  • DDoS protection and rate limiting on all API endpoints
  • Regular security patches and system updates
  • Network segmentation and firewall protection
  • Intrusion detection and prevention systems (IDS/IPS)
  • 24/7 security monitoring and incident response

Access Control

We implement strict access controls to ensure that only authorized personnel and systems can access your data:

  • Role-based access control (RBAC) for all services and data
  • Multi-factor authentication (MFA) required for all employee access
  • API keys with granular permissions and automatic expiration
  • Regular access reviews and automated deprovisioning
  • Principle of least privilege enforced across all systems
  • Comprehensive audit logging of all access and changes

Compliance and Certifications

DuetDial maintains compliance with industry standards and regulations:

SOC 2 Type II

Annual audits verify our security, availability, and confidentiality controls

GDPR

Full compliance with EU data protection regulations

CCPA

California Consumer Privacy Act compliance for US customers

ISO 27001

Information security management system certification

Application Security

  • Regular penetration testing by third-party security firms
  • Automated vulnerability scanning of all code and dependencies
  • Secure software development lifecycle (SDLC) practices
  • Code review requirements for all changes
  • Input validation and sanitization to prevent injection attacks
  • Rate limiting and abuse prevention mechanisms

Incident Response

We maintain a comprehensive incident response plan to quickly address security issues:

  • 24/7 security operations center (SOC) monitoring
  • Automated threat detection and alerting systems
  • Documented incident response procedures and escalation paths
  • Regular incident response drills and tabletop exercises
  • Transparent communication with affected customers
  • Post-incident analysis and remediation tracking

Data Retention and Deletion

We give you full control over your data:

  • Voice recordings are automatically deleted after 30 days
  • You can request immediate deletion of your data at any time
  • Deleted data is purged from all systems, including backups, within 90 days
  • We maintain audit logs of all data deletion requests
  • No data is retained after account closure beyond legal requirements

Employee Security Training

All DuetDial employees undergo comprehensive security training, including secure coding practices, data handling procedures, and privacy awareness. Background checks are conducted for all employees with access to customer data.

Report a Security Issue

If you discover a security vulnerability, please report it responsibly:

Email us at: security@duetdial.com

We appreciate responsible disclosure and will respond to all reports within 24 hours. We offer a bug bounty program for qualifying security vulnerabilities.