Security for Enterprises

Trust and Security

At MosaicVoice, we are committed to providing the highest level of protection for the data entrusted to us. Our Information Security Program is proactive and comprehensive, focusing on securing our application, infrastructure, and associated services. We collaborate with third-party security vendors to regularly evaluate and test our security measures.

Third-Party Security Certifications and Attestations

MosaicVoice adheres to stringent security and data privacy standards, achieving and maintaining the following certifications:

  • SOC 2 Type II: This certification verifies that MosaicVoice's systems are designed and operated to protect customer data, emphasizing security, availability, processing integrity, confidentiality, and privacy. It demonstrates our commitment to maintaining strict security controls and practices.
  • PCI DSS 4.0: As a set of security standards for processing, storing, or transmitting credit card information, PCI DSS 4.0 compliance is crucial for preventing credit card fraud and safeguarding sensitive payment data. MosaicVoice adheres to these standards to ensure the security of payment information.
  • HIPAA: Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is essential for protecting sensitive patient data in the healthcare industry. MosaicVoice implements stringent safeguards to ensure the confidentiality, integrity, and security of personal health information.

Customer Data Collection and Usage

MosaicVoice collects and stores the following customer data in its cloud environment:

  • Email Addresses: Stored only if used as a login method. Alternative login methods do not store email addresses.
  • Legal Name: The legal name of each user.
  • Redacted Call Recordings: We offer programmatic redaction of sensitive information from audio recordings and transcripts, including Personally Identifiable Information (PII), Protected Health Information (PHI), and Payment Card Industry (PCI) data.
  • Analytics Data
  • Call Metadata

Redaction

MosaicVoice offers customers the ability to dynamically manage the data that is redacted from call recordings and transcripts. The full list of items that MosaicVoice can programmatically redact can be found here [LINK]. When MosaicVoice redacts an item, the original file is permanently deleted and replaced by a scrubbed file that no longer contains the removed content.

Encryption

We enforce the highest security standards for data encryption:

  • Data in Transit: Secured using TLS 1.2 across all services, with no exceptions.
  • Data at Rest: Encrypted with AES-256 for all production databases and customer data, with no exceptions.

Authentication

MosaicVoice handles user authentication via email. While we do store passwords, they are securely encrypted, and we are not able to retrieve or display them. This ensures that even in the event of a data breach, user passwords remain protected.

Data Access and Segregation

Only select engineering leads have access to customer data, primarily for product development, support, and troubleshooting. Access for other engineers is granted only when necessary for debugging purposes.

Geographical Data Management

At MosaicVoice, we understand the importance of data residency and compliance with local regulations. We offer the flexibility to spin up new environments in specific geographical regions to meet your unique requirements. Whether you need your data stored in a particular country or region, we can configure our services to align with your business needs and ensure compliance with relevant laws and standards.

Production and Datacenter Security

MosaicVoice's backend is hosted entirely on AWS, leveraging AWS's robust security infrastructure, including physical security, key management, redundancy, scalability, and compliance with multiple security standards (SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, FISMA, PCI DSS Level 1, ISO 9001 / ISO 27001, and more). We enhance security by:

  • Implementing the least privilege principle for internal communications
  • Closing unused ports (including SSH) using AWS's built-in firewall
  • Ensuring all communication is HTTPS with recommended TLS settings
  • Following best practices for secure programming

Regular Penetration Testing and Security Scans

  • We perform regular security scans using industry-standard tools to monitor and detect vulnerabilities.
  • Additionally, third-party companies conduct thorough penetration testing to ensure the integrity of our security measures.

Contact

For any questions or concerns about our security practices, please contact us at security@mosaicvoice.ai.

