SpiceAI
← Back to Home

Security Policy

Last updated: February 21, 2026

1. Our Commitment

SpiceAI takes the security of your data seriously. We implement industry-standard technical and organizational measures to protect your business and caller data against unauthorized access, disclosure, alteration, or destruction.

2. Data Encryption

  • In transit: All data transmitted between your browser, our servers, and third-party integrations is encrypted using TLS 1.2 or higher.
  • At rest: Sensitive data including call recordings, transcripts, and personal information is encrypted at rest using AES-256 encryption.
  • Payment data: We do not store full payment card numbers. Payments are processed through PCI DSS-compliant processors.

3. Access Controls

  • Access to production systems is restricted to authorized personnel on a need-to-know basis.
  • All internal access is logged and reviewed periodically.
  • Multi-factor authentication is required for all internal administrative access.

4. Infrastructure Security

  • Our infrastructure is hosted on reputable cloud providers with SOC 2 Type II certification.
  • We apply security patches and updates on a regular basis.
  • Network-level firewalls, intrusion detection, and DDoS protection are in place.

5. Call Data and Recordings

Call recordings and transcripts are stored securely and are accessible only to the account holder and authorized VoiceReception AI staff for support and compliance purposes. Recordings are automatically purged after the retention period defined in our Privacy Policy.

6. Third-Party Integrations

When you authorize integrations with Google Calendar, Toast, Square, Fresha, or Lightspeed, data is transmitted over encrypted channels using OAuth 2.0 or equivalent secure authorization flows. We do not store third-party credentials on our servers.

7. Incident Response

In the event of a security incident or data breach that affects your data, we will notify affected users within 72 hours of becoming aware, in accordance with applicable breach notification laws. We maintain an incident response plan that is reviewed and tested regularly.

8. Vulnerability Disclosure

If you discover a security vulnerability in our systems, please report it responsibly to security@spiceai.com. We request that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We do not pursue legal action against good-faith security researchers who follow responsible disclosure practices.

9. Your Responsibilities

  • Keep your account password secure and do not share it with others.
  • Notify us immediately at security@spiceai.com if you suspect unauthorized access to your account.
  • Ensure any devices used to access your SpiceAI account are secured with appropriate access controls.

10. Contact

For security-related concerns: security@spiceai.com