Security & Trust
Last updated: 2026-06-11
We build AiFortis VoiceAI Portal to be secure by design.
- Encryption: provider keys, SIP and integration secrets are encrypted (AES-256-GCM); traffic uses HTTPS/TLS.
- Access control: role-based access, optional two-factor authentication (TOTP), and least-privilege service access.
- Tenant isolation: every record is scoped to its client; queries are tenant-scoped and audit-logged.
- Recording consent: call recording is governed by a consent/notice step in the call flow.
- Data lifecycle: configurable retention with automatic purge, plus per-record erasure on request.
- Monitoring: error and job-failure logging, concurrency reconciliation, and alarms on anomalies.
Note on certification: GDPR has no single official "certificate". We operate to GDPR requirements and can support audits; formal certifications (e.g. ISO 27001, SOC 2, or an accredited GDPR scheme) require a separate external audit, which we can pursue on request.
Security contact: [dpo@aifortis.example].