security isn't a slide. it's the architecture.

The exact controls we run in production: compliance, data privacy, infrastructure hardening, cloud storage and disaster recovery, in plain terms.

compliance and certifications

Does the technology stack meet enterprise compliance standards?
  • Yes — the pipeline is built entirely on compliant infrastructure.
  • Retell AI maintains SOC 2 Type 1 and Type 2 certifications and is fully HIPAA compliant, with regular independent penetration testing and audits.
  • DigitalOcean and AWS maintain rigorous global compliance standards, including SOC 2 and ISO 27001.
  • Self-hosting the middleware and owning the AWS storage instances keeps ultimate control over data residency and compliance in-house.

data privacy and AI vendor controls

How is sensitive information kept from leaking or being used to train external AI models?
  • Strict data anonymization and privacy safeguards apply at the very start of the pipeline.
  • Vendor agreements explicitly prohibit third parties from using call data to train public large language models.
  • Names, addresses and passwords are automatically detected and masked in both transcripts and recordings before data ever reaches internal systems.
  • All data processed by the AI agent is encrypted in transit (TLS 1.2+) and encrypted at rest.

self-hosted infrastructure security

How is the internal infrastructure secured against unauthorized access?
  • Self-hosting workflow automation keeps API payloads and credentials entirely within our own controlled infrastructure, cutting third-party vendor risk.
  • The network is isolated behind a secure reverse proxy handling TLS termination; default application ports are blocked from the public internet.
  • A default-deny firewall policy restricts traffic to required HTTPS ports only, alongside automated blocking of malicious IP addresses.
  • Server access requires strict cryptographic keys — password authentication is disabled entirely.
How are API credentials protected within the workflows?
  • Credentials are never stored in plain text — native database credential encryption is used throughout.
  • A unique encryption key ensures every API key and authentication token is heavily encrypted at rest.
  • Credentials are never exposed in workflow exports or system logs.

data storage and cloud security

What is the security posture regarding data storage and cloud access?
  • AWS serves as the ultimate source of truth, with the principle of least privilege enforced across every system.
  • All data stored in AWS is encrypted at rest using AES-256 via AWS Key Management Service.
  • Application roles are tightly scoped to only the permissions needed to write data — zero administrative privileges.
  • All storage repositories have public access blocked globally; data is reachable only by authenticated internal users or applications.

threat detection and continuity

What are the disaster recovery and threat mitigation strategies?
  • Rate limiting and abuse prevention are built into the architecture — the edge throttles excessive incoming requests automatically.
  • The AI infrastructure scales automatically to handle call volume and has protections built in against telephony denial-of-service attempts.
  • Workflows and databases are backed up regularly; AWS storage uses cross-zone replication for high availability.
  • Strict data retention policies dictate exactly how long data is kept before being securely purged.