EU-hosted
All customer data lives in EU data centres in the Netherlands and Belgium. ISO 27001-certified facilities. No transfers outside the EU/EEA without SCCs.
Security
Built on EU infrastructure. Engineered for regulated voice.
How we protect customer data, run the platform, and keep voice traffic compliant.
The basics
Four things we never compromise on.
Encrypted in transit & at rest
TLS 1.2+ for HTTPS, SIP/TLS for signalling, SRTP for media where carriers support it. Full-disk encryption + KMS-sealed secrets at rest.
Least-privilege access
Customer admin via Microsoft Entra SSO with MFA. Internal access to production is audit-logged, reviewed quarterly, and never lives on developer machines.
Telecom-grade compliance
Registered telecoms provider with the routing, retention, and lawful-intercept obligations the role implies. Carrier-of-record agreements with redundant SIP trunks.
Operations & response
Logging & monitoring
Application, security, and call-detail logs are aggregated centrally with automated alerting on anomalous activity. Retention periods are documented in the DPA.
Incident response
We notify affected customers without undue delay — and within 72 hours for personal-data breaches in line with GDPR Article 33. Our runbook covers triage, containment, and customer communication.
Backups & resilience
Automated daily backups with multi-region retention. Disaster-recovery procedures are tested at least annually.
Reporting an issue
Found a security issue? Email security@callerconnect.io. We acknowledge reports within one business day and welcome responsible disclosure.
Found something we should know?
Responsible disclosure welcomed — we acknowledge reports within one business day.