Security & data handling

We don't keep your call recordings.

Word Is Bond tests voice agents you run. The audio of a test call is streamed through to speech-to-text and discarded — nothing writes it to disk, object storage, or the database. This is not a promise on a page: a test suite fails our build if a single line of code tries to store call audio.

Enforced in continuous integration. Companion: Privacy.

What happens to your call data

The product's value is the history of your scores — regression and drift over time — so transcripts and scorecards are stored. Call audio is not, because the product never needs it kept.

Audio is never recorded

Media frames are decoded, streamed to speech-to-text, and dropped. We never ask the carrier to record. Recording columns exist in the schema and are never written.

Transcripts age out

Transcripts are stored for regression and drift comparison, then erased 365 days after the run by a scheduled sweep. Scores persist for the life of the account.

Nothing leaks to logs

Audio, transcripts, phone numbers, emails, codes, and tokens can't reach our request logs, product analytics, or error reports. A lint rule and a test suite fail the build if that changes.

How the platform is secured

Plain, verifiable controls — the same ones a security team asks about in a questionnaire.

ControlHow it works
Encryption in transitTLS/HTTPS/WSS for all traffic and every subprocessor connection.
Encryption at restInherited from our storage providers — Cloudflare (object storage, cache) and Neon (database), both SOC 2 Type II.
Tenant isolationEvery record is keyed to your account, resolved from your verified credential — never a value a caller supplies. You reach only your own data.
Access to productionSecrets live in a managed secret store, never in source. Least-privilege service identities. Live billing sits behind an explicit gate.
Change managementReviewed pull requests only on the main branch, continuous-integration gates, and static analysis (CodeQL) on every change.
MonitoringLive error monitoring with personal data scrubbed before any event leaves the service; product analytics that never receive transcripts or contact details.
Your data, on demandExport a full machine-readable copy, or delete your account and everything under it, from the API at any time.

Subprocessors

The third parties that process your data, and what each one sees. We don't sell, rent, or share your data with anyone outside this list.

ProviderRoleWhat it sees
CloudflareRuntime, object storage, cache, database poolingData in transit; your own synthesized script clips and a 24-hour transcription cache at rest
NeonDatabaseTranscripts, scores, accounts, contacts, usage
DeepgramSpeech-to-textCall audio (converted to text)
TelnyxCarrier transport (paid tiers, phone-line path only)Phone numbers and call audio on the carrier path; skipped entirely on the direct path
ElevenLabsText-to-speechYour script text (never caller audio)
Anthropic · xAI · GroqScoring and languageTranscript text
StripeBillingBilling details; card data is entered directly with Stripe and never reaches us
ResendTransactional emailRecipient email address and message body

Cloudflare, Neon, and Stripe are SOC 2 Type II service organizations per their public documentation. The default direct / SIP transport keeps audio off the carrier path entirely.

Compliance posture

The engineering controls a security review looks for — enforced data minimization, tenant isolation, secrets hygiene, reviewed-only change management, static analysis, and scrubbed monitoring — are in place today. Our controls are aligned to the SOC 2 Trust Services Criteria, and we can pursue a SOC 2 Type II examination when a customer requires one. We are not currently SOC 2 certified, and we say so plainly.

Keeping your own recordings Enterprise

By default — for every account — we don't retain call recordings. For teams that need call media captured for their own compliance or quality review, routing recordings to storage you own and control is on the enterprise roadmap: we don't keep recordings, and enterprise customers will be able to send them to their own storage instead of ours. Talk to us for the enterprise configuration.

Need our DPA or a security review?

Request our data-processing addendum and subprocessor details, or send your security questionnaire — we'll answer it factually.

Contact [email protected]