Security & compliance overview

This page summarizes the main security and compliance principles behind CallPilot.ai.

It is intended for security, compliance and technical stakeholders who need to understand how the platform protects data and aligns with standard practices.

Important: This is a high-level overview. For formal documentation (contracts, DPAs, certifications, detailed architecture), please refer to the official materials provided by CallPilot.ai or your account representative.


Security by design

CallPilot.ai is designed with security in mind across:

  • Application layer
  • Infrastructure
  • Access and identity
  • Monitoring and operations

Key principles include:

  • Least privilege – Users and systems only get the access they need.
  • Separation of environments – Test/sandbox and production are separated.
  • Defense in depth – Multiple layers of protection (network, app, data).

Data protection

Encryption in transit

  • All communication between browsers, APIs and services is protected using TLS (HTTPS).
  • External integrations (e.g. with telephony providers, CRMs) are configured to use secure channels whenever supported.

Encryption at rest

  • Data stored in databases and storage services is encrypted at rest using the underlying cloud provider’s mechanisms (e.g. encryption provided by Azure-managed services).

Data segregation

  • Data is logically separated by organization/tenant to prevent cross-tenant access.
  • Access controls ensure that users and integrations only see data for the organizations and environments they are allowed to access.

Identity and access management

CallPilot.ai supports controlled access through:

  • User accounts with role- or permission-based access.
  • Optionally, SSO integrations and centralized identity providers (depending on your deployment and agreement).
  • API authentication (e.g. API keys or tokens) for system-to-system integrations.

Typical patterns:

  • Admin roles manage:
    • Users and permissions.
    • Organization-level configuration.
  • Non-admins may have limited access to:
    • Campaign management.
    • Monitoring views.
    • Reports and exports.

Access can be revoked by deactivating users or rotating credentials.


Logging and monitoring

To ensure visibility and traceability:

  • Application and infrastructure components emit logs and metrics.
  • Monitoring dashboards (e.g. within Azure) track:
    • Availability.
    • Errors.
    • Performance indicators.
  • Operational teams can use logs to:
    • Investigate incidents.
    • Audit usage patterns.
    • Improve reliability and performance.

Where available, audit trails may record key configuration changes (e.g. campaign status changes, user management actions).


Compliance and regulations

CallPilot.ai is designed to help customers comply with applicable regulations in their context, such as:

  • Data protection and privacy regulations (e.g. GDPR in the EU, where applicable).
  • Industry-specific requirements driven by your use case.

The exact compliance posture (certifications, attestations, data residency guarantees) depends on:

  • The region and deployment model you use.
  • The contractual agreements in place.

For specifics on:

  • Data processing agreements (DPAs).
  • Subprocessors and data locations.
  • Formal certifications or attestations.

please refer to the legal and compliance documentation provided with your contract or contact your CallPilot.ai representative.


Customer responsibilities

Security is a shared responsibility. As a customer, you are typically responsible for:

  • Managing user accounts and roles in line with your internal policies.
  • Ensuring that contact data and campaign content comply with your legal and regulatory obligations.
  • Protecting your own systems that integrate with CallPilot.ai (e.g. CRMs, databases, internal APIs).

CallPilot.ai provides the platform, controls and tools, but your internal policies and processes are also critical to maintaining a secure and compliant environment.


More information

If you require:

  • Detailed architecture diagrams.
  • Network and data flow descriptions.
  • Security questionnaires or compliance documents.

please contact your CallPilot.ai account manager or support team, who can provide the appropriate materials under NDA where necessary.