← Back to Home

Security

Last updated: February 2026

At Personnect, security is foundational — not an afterthought. We handle sensitive business communication data every day, and we treat that responsibility seriously. This page outlines our security practices, infrastructure, and commitments.

Data Encryption

In Transit

All data transmitted between your browser, our APIs, and our servers is encrypted using TLS 1.2+. We enforce HTTPS across all endpoints with no exceptions. API traffic, webhook payloads, and CRM sync data are all encrypted in transit.

At Rest

All data stored on our servers — including call recordings, contact data, analytics, and account information — is encrypted at rest using AES-256 encryption. Database backups are also encrypted.

Infrastructure

Personnect's infrastructure is hosted in US-based data centers. Our infrastructure includes:

  • Isolated private networking
  • Automated backups with geographic redundancy
  • DDoS protection at the network and application layer
  • Firewall rules restricting access to production systems
  • Container-based deployments with immutable infrastructure

Access Controls & Authentication

  • Role-based access control (RBAC) for all internal systems
  • Multi-factor authentication (MFA) required for all team members
  • Principle of least privilege — engineers only access what they need
  • All access to production systems is logged and auditable
  • Credentials are managed via encrypted secrets management

Call Recording Security

Call recordings are a critical data type. Our protections include:

  • Recordings encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Access restricted to authorized account users only
  • Recordings can be deleted by account administrators at any time
  • Automatic retention policies configurable per account
  • No Personnect employee accesses recordings without explicit customer authorization

Compliance

  • SOC 2 Type II: Audit in progress — expected completion Q3 2026
  • CCPA: Fully compliant — California residents can exercise their data rights at any time
  • TCPA: Our platform provides tools to support compliance; users are responsible for their own calling practices

Data Retention & Deletion

We retain your data only as long as your account is active or as required to provide the Service. Upon account termination:

  • Data is available for export for 30 days
  • All data is permanently deleted within 90 days
  • You may request immediate deletion at any time by contacting us

Security Audits

We conduct regular security assessments, including:

  • Internal code reviews with security focus
  • Dependency vulnerability scanning (automated, continuous)
  • Periodic third-party penetration testing
  • Infrastructure configuration audits

Responsible Disclosure

If you discover a security vulnerability in Personnect, we ask that you disclose it responsibly. Please contact us at contact@personnect.ai with details. We commit to:

  • Acknowledging your report within 48 hours
  • Providing a timeline for remediation
  • Not pursuing legal action against good-faith security researchers

Contact

For security questions or concerns:

contact@personnect.ai
Personnect.ai LLC
8893 Cobblestone Point Circle
Boynton Beach, FL 33472