We designed Voicea with security in mind at every single layer of the system from day one. We employ the following best practices to ensure our customers’ data is safe and secured:
• Encryption: Everything — over the wire and at rest — is encrypted. Over-the-wire encryption uses RSA 2048 bits keys. At rest, we encrypt files using 256-bit Advanced Encryption Standard (AES-256); we utilize some of the strongest block ciphers and encryption techniques available. We store our recordings on Amazon’s S3 where they are protected using server-side encryption and transferred over a secure TLS connection. Our metadata are stored in databases on AWS, which are also encrypted at rest and with which we communicate over secure connections.
• Access Controls: We create and maintain strict Access Control Lists (ACL’s). All incoming requests to our systems are authenticated.
• Least Privilege: Our subsystems are paranoid and cynical; they don’t trust each other unless proven otherwise (authenticated), even on the same network. Each user and subsystem has access to the minimal set of resources it requires to function and no more.
• Protecting PII and HBI: Personally identifiable information (PII) and high business impact (HBI) data are especially protected. We never log them and we audit access to said data.
• Penetration Testing: At Voicea, ensuring a culture of cyber security and hygiene is crucial to protect our users and their data. We work with skilled security researchers and white-hat hackers to identify security issues.
• Cyber Hygiene: The security-first culture we’re fostering at Voicea starts with our individual commitment to cyber hygiene (personal and professional accounts alike). All employees protect their accounts using strong passwords, the most critical of which are required to be updated regularly, and we employ multifactor authentication (MFA).
Local Devices & Corporate Network: Our employees’ machines are password-protected and the storage devices we use are encrypted; our corporate network sits behind a Unified Threat Management firewall and a VPN.
For questions or more information about security, please contact Support.