We don't keep your call recordings.
Word Is Bond tests voice agents you run. The audio of a test call is streamed through to speech-to-text and discarded — nothing writes it to disk, object storage, or the database. This is not a promise on a page: a test suite fails our build if a single line of code tries to store call audio.
Enforced in continuous integration. Companion: Privacy.
What happens to your call data
The product's value is the history of your scores — regression and drift over time — so transcripts and scorecards are stored. Call audio is not, because the product never needs it kept.
Audio is never recorded
Media frames are decoded, streamed to speech-to-text, and dropped. We never ask the carrier to record. Recording columns exist in the schema and are never written.
Transcripts age out
Transcripts are stored for regression and drift comparison, then erased 365 days after the run by a scheduled sweep. Scores persist for the life of the account.
Nothing leaks to logs
Audio, transcripts, phone numbers, emails, codes, and tokens can't reach our request logs, product analytics, or error reports. A lint rule and a test suite fail the build if that changes.
How the platform is secured
Plain, verifiable controls — the same ones a security team asks about in a questionnaire.
| Control | How it works |
|---|---|
| Encryption in transit | TLS/HTTPS/WSS for all traffic and every subprocessor connection. |
| Encryption at rest | Inherited from our storage providers — Cloudflare (object storage, cache) and Neon (database), both SOC 2 Type II. |
| Tenant isolation | Every record is keyed to your account, resolved from your verified credential — never a value a caller supplies. You reach only your own data. |
| Access to production | Secrets live in a managed secret store, never in source. Least-privilege service identities. Live billing sits behind an explicit gate. |
| Change management | Reviewed pull requests only on the main branch, continuous-integration gates, and static analysis (CodeQL) on every change. |
| Monitoring | Live error monitoring with personal data scrubbed before any event leaves the service; product analytics that never receive transcripts or contact details. |
| Your data, on demand | Export a full machine-readable copy, or delete your account and everything under it, from the API at any time. |
Subprocessors
The third parties that process your data, and what each one sees. We don't sell, rent, or share your data with anyone outside this list.
| Provider | Role | What it sees |
|---|---|---|
| Cloudflare | Runtime, object storage, cache, database pooling | Data in transit; your own synthesized script clips and a 24-hour transcription cache at rest |
| Neon | Database | Transcripts, scores, accounts, contacts, usage |
| Deepgram | Speech-to-text | Call audio (converted to text) |
| Telnyx | Carrier transport (paid tiers, phone-line path only) | Phone numbers and call audio on the carrier path; skipped entirely on the direct path |
| ElevenLabs | Text-to-speech | Your script text (never caller audio) |
| Anthropic · xAI · Groq | Scoring and language | Transcript text |
| Stripe | Billing | Billing details; card data is entered directly with Stripe and never reaches us |
| Resend | Transactional email | Recipient email address and message body |
Cloudflare, Neon, and Stripe are SOC 2 Type II service organizations per their public documentation. The default direct / SIP transport keeps audio off the carrier path entirely.
Compliance posture
The engineering controls a security review looks for — enforced data minimization, tenant isolation, secrets hygiene, reviewed-only change management, static analysis, and scrubbed monitoring — are in place today. Our controls are aligned to the SOC 2 Trust Services Criteria, and we can pursue a SOC 2 Type II examination when a customer requires one. We are not currently SOC 2 certified, and we say so plainly.
Keeping your own recordings Enterprise
By default — for every account — we don't retain call recordings. For teams that need call media captured for their own compliance or quality review, routing recordings to storage you own and control is on the enterprise roadmap: we don't keep recordings, and enterprise customers will be able to send them to their own storage instead of ours. Talk to us for the enterprise configuration.
Need our DPA or a security review?
Request our data-processing addendum and subprocessor details, or send your security questionnaire — we'll answer it factually.
Contact [email protected]