Security and compliance trusted by the Fortune 500 across every industry.
● 24x7x365 system server monitoring and on-call support from dedicated cloud-ops team
● Infrastructure hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP)
● Annually tested business continuity and disaster recovery (DR) plans
● Separate production and testing environments
● Multi-availability zone (AZ) compute instances
● Infrastructure as Code (IaaC) management of cloud resources to ensure repeatable and reliable changes.
● Voiceflow follows secure credential storage best practices by storing passwords using one-way hash encrypted passwords (BCRYPT)
● Audit logging and event alerting
● Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovation
● Project history tracking and rollback capability
● User-managed workspace access control to govern sharing privileges
● Application audit log that includes security events such as user logins or configuration changes.
● Encryption-at-rest with AWS/GCP KMS customer-managed keys (AES-256)
● Geographically distributed and encrypted offsite backups
● Fully managed multi-AZ database instances with point-in-time-restore (PITR)
● A CDN-based Web Application Firewall (WAF) and (D)DOS mitigation technologies
● Encryption-in-transit using industry-standard TLS v1.2+ to ensure that all traffic between users and Voiceflow is secure.
● All cloud-internal traffic is encrypted with mTLS with short-lived per-application certificates.
● Tiered, firewalled, and segmented network infrastructure to ensure that communication between Voiceflow services is strictly controlled.
● Employee background and reference checks in accordance with local laws.
● Annual employee security awareness training covers topics such as data privacy, information security, and password security.
● Principle-of-least-privilege implemented across the organization for both information and resource access.
● Audit logging of all cloud resources
● Automated vulnerability analysis via network, host, and application scans.
● Code assessment through both automated and manual review processes governed by Voiceflow's document Software Development Life Cycle (SDLC) policy.
● Annual external penetration testing on primary public-facing endpoints.
● Single Sign-On (SSO) support for enterprise users
If you believe you've discovered a security-related issue or would like to learn more about Voiceflow's security practices, please contact us at security@voiceflow.com.
Adam Loo
Head of Legal and Compliance
Voiceflow, Inc.
Toronto, Canada
Voiceflow helps enterprise product teams securely build, test, launch, and manage conversational AI agents at scale for any use case.
Discover EnterpriseSecure and manage work across you organization with SSO and advanced user permissions.
Meet strict compliance and security needs alongside custom contracting and SLAs.
From implementation support to hands-on training, we're here to offer personalized help.
Receive unlimited Voiceflow feature access and invites to view and participate in Voiceflow beta features and our roadmap.