Security

How we protect your data and ensure service security

Our Security Commitment

At Voice.Tax, security is our top priority. We understand that you're entrusting us with sensitive client information and call data. We implement industry-leading security practices to protect your data and maintain the confidentiality of your firm's communications.

Data Encryption

Encryption in Transit

All data transmitted between your devices and our servers is encrypted using TLS 1.3 with 256-bit encryption. This includes voice calls, API requests, and web traffic.

Encryption at Rest

All stored data, including call recordings, transcripts, and customer information, is encrypted at rest using AES-256 encryption standards.

Infrastructure Security

  • Cloud Infrastructure:

    We utilize enterprise-grade cloud infrastructure from trusted providers (Vercel, Supabase) with 99.9% uptime SLAs and built-in redundancy.

  • Network Security:

    Our infrastructure includes firewalls, DDoS protection, intrusion detection systems, and regular security monitoring.

  • Database Security:

    All databases use row-level security (RLS) policies, ensuring users can only access their own firm's data. Connections are encrypted and authenticated.

Authentication and Access Control

  • Secure password requirements with bcrypt hashing
  • Email verification for all new accounts
  • Session-based authentication with secure HTTP-only cookies
  • Role-based access control (owner, admin, member)
  • Two-factor authentication (2FA) available for all accounts
  • Automatic session expiration after inactivity

Application Security

Secure Development Practices

  • Regular security code reviews and audits
  • Automated vulnerability scanning
  • Dependency monitoring and updates
  • Input validation and sanitization
  • SQL injection prevention through parameterized queries
  • XSS (Cross-Site Scripting) protection
  • CSRF (Cross-Site Request Forgery) tokens

API Security

  • API authentication using secure tokens
  • Rate limiting to prevent abuse
  • Request signing and verification
  • Webhook signature validation

Third-Party Security

We carefully vet all third-party services we integrate with:

  • Vapi (Voice AI):

    SOC 2 Type II certified, GDPR compliant

  • Supabase (Database):

    SOC 2 Type II certified, ISO 27001 compliant

  • Stripe (Payments):

    PCI DSS Level 1 certified; we never store credit card data

Monitoring and Incident Response

  • 24/7 security monitoring and alerting
  • Automated anomaly detection
  • Regular security audits and penetration testing
  • Documented incident response procedures
  • Breach notification within 72 hours if required
  • Post-incident analysis and remediation

Data Backup and Recovery

We maintain automated daily backups of all data with 30-day retention. Backups are encrypted, geographically distributed, and regularly tested for integrity. Our disaster recovery plan ensures data can be restored within 4 hours in case of major incidents.

Employee Access

  • Strict need-to-know access policies
  • Background checks for all employees
  • Security training and awareness programs
  • All access is logged and audited
  • Immediate access revocation upon employee departure

Your Security Responsibilities

While we provide robust security measures, you also play a critical role:

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Keep your login credentials confidential
  • Review user access permissions regularly
  • Report suspicious activity immediately
  • Keep your devices and software updated

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them immediately to security@voice.tax. We appreciate responsible disclosure and will respond to all reports within 24 hours.

Security Updates

This page is updated regularly to reflect our latest security practices. For questions about our security measures, please contact security@voice.tax.