Security & Compliance

Last updated: 1 May 2026

1. Encryption in Transit

All communication between your device and our servers is protected by TLS 1.3 encryption. Your browser displays a padlock icon when connected securely.

2. Encryption at Rest

Data storage encryption: [FILL: encryption method — e.g., AES-256 with AWS KMS]
Call recordings location: [FILL: region — e.g., AWS EU (Ireland) region]
Retention period: [FILL: days/months — e.g., 90 days from call date]
All encrypted data is deleted automatically after the retention period.

3. Data Residency (GDPR Compliance)

We ensure that customer data for EU-based businesses is processed and stored within the EU whenever possible. Call recordings and primary customer records are stored in EU data centers. See our Privacy Policy for details on international data transfers and Standard Contractual Clauses.

4. Access Control

Role-based access: Only authorized staff can access customer data
Multi-factor authentication: Required for all internal systems
Audit logs: All data access is logged and monitored for suspicious activity
Least privilege: Employees have access only to the minimum data needed for their role

5. Sub-processors & Third Parties

See our Privacy Policy for a complete list of sub-processors. We conduct due diligence on all third parties and ensure they meet GDPR and security standards.

⚠️ [FILL: List of sub-processors and their security certifications]

6. Incident Response

In the event of a security breach:

We will investigate immediately
Affected customers are notified within 72 hours (per GDPR Article 33)
We will cooperate with relevant authorities and regulators
Remediation steps are communicated transparently

Report security issues to: security@awreceptionistai.se

7. Request a Data Processing Agreement (DPA)

If your organization requires a formal Data Processing Agreement under GDPR Article 28, contact:

[FILL: DPA contact email]

8. Security Certifications & Compliance

⚠️ [FILL: Certifications/compliance]
E.g., "ISO 27001, SOC 2 Type II, GDPR-certified, CCPA compliant"

9. Penetration Testing & Audits

We conduct regular security audits and penetration tests to identify and remediate vulnerabilities. Results are shared with customers upon request.

10. Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to: security@awreceptionistai.se
Do not publicly disclose the vulnerability until we have had time to patch it.

11. Questions?

For security or compliance questions, contact:
security@awreceptionistai.se