Dialpad protects your business and customer communications with enterprise-grade security that’s built right in.
Calls over the VoIP network and in-transit web requests are encrypted using TLS. At rest, application data is permanently stored on the Google Cloud Platform, encrypted with AES 256-bit.
Dialpad offers integrations for access management via SAML and SCIM from providers like Okta, Azure, Google Workspace, OneLogin, and more.
Dialpad products are HIPAA-ready. Healthcare industry customers can sign a Business Associate Agreement (BAA) with one click to get up and running. For additional details, check out Dialpad’s HIPAA Compliance Datasheet.
Dialpad helps organizations to meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and individual consent mechanisms. Dialpad customers can sign a Data Processing Agreement (DPA) that addresses GDPR and beyond.
Dialpad is a member of the Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR). You can see our completed Consensus Assessment Initiative Questionnaire (CAIQ) here.
Dialpad’s infrastructure and processes are annually certified against ISO 27001:2022 (Information security management), ISO 27017:2015 (Information Security in the cloud), and ISO 27018:2019 (PII for public cloud processors).
Record and transcribe calls with built-in privacy features
Dialpad allows admins to configure call recording settings to comply with applicable laws—including the ability to play automated prompts to alert callers. Plus, in-call indicators make it clear whenever you’re recording. Granular controls can also pause recordings automatically whenever sensitive data is detected on screen.
Dialpad offers analytics and export capabilities for sensitive data that can be managed by your admins. After all, your data belongs to you. We’ll retain data until you choose to delete it. Enterprise customers can set their own retention policies to remove, archive, or anonymize data on a custom time interval. Data subject requests are available in our help center.
Dialpad PII Redaction is an Ai-driven feature designed to automatically identify and protect sensitive information in call transcripts. By leveraging machine learning algorithms to recognize and redact personal data, this capability ensures that personally identifiable information (PII) like credit card or social security numbers remains hidden from unauthorized eyes—while leaving the rest of the content intact.
Dialpad offers two options to customers in order to help them maintain their PCI Compliance.
Option 1: Agents have the capability to pause their recordings in order to take payment data over a call.
Option 2: Dialpad offers an API to programmatically stop/restart recordings for users based on actions taken in payment systems.
Native authentication and authorization mechanisms are used for the integrations built with our partners to ensure that permissions and data are accessed through verified protocols such as OAuth. Dialpad also gives customers control over their integrations, so they can turn data or permission access on and off at the source. Furthermore, Dialpad goes through regular security reviews of its integrations with providers such as Google and Salesforce to be listed on the providers’ application directories.
Call blocking and spam prevention features are provided to each user. Dialpad also performs spam recognition and gives capabilities for users to block callers with high spam scores. See the following page for additional details.
Quarterly penetration tests are run by an independent third-party tester on our new features and products to test against web application attacks, such as those identified within the OWASP Top 10. Dialpad also enables security scanners and security checks in continuous integration pipelines to ensure that common web application attacks are mitigated prior to deploying new releases. Dialpad also implements technical controls such as rate-limiting to protect against unauthorized traffic attacks.
Dialpad follows the NIST Guidelines for incident response. Per our Terms of Service and contractual obligations, Dialpad will notify customers of any breach involving their data. Dialpad is committed to compliance with all applicable breach notification laws and regulations.
To protect our customers’ data and fulfill our legal obligations, Dialpad has adopted a standardized and stringent review process for all government data requests, and commits to notifying customers of such requests unless prohibited by law. Read more about Dialpad’s review process and view our transparency reports.
All permanent customer data, such as contact lists, call records, recordings, and transcripts, is stored in the United States via Google Cloud Platform, and backed up daily. Transient customer data passing through Dialpad’s data centers is held for no more than 72 hours.