CallMap is built with enterprise-grade security, encryption, and compliance practices to protect your data and meet regulatory requirements.
AES-256-GCM encryption at rest and TLS 1.3 in transit
GDPR and CCPA compliant, with SOC 2 certification in progress
Role-based access control with secure authentication
All data stored in our databases is encrypted using AES-256-GCM, one of the strongest encryption standards available. This includes audio recordings, transcripts, mindmaps, user data, and all other sensitive information.
All data transmitted between your device and our servers is protected using TLS 1.3 encryption. This ensures that your data cannot be intercepted or read by third parties during transmission.
Encryption keys are managed using industry-standard key management practices, with keys stored separately from encrypted data and rotated regularly.
We use Firebase Authentication, which provides industry-standard security features including password hashing, session management, and protection against common attacks like brute force and credential stuffing.
Workspace data is protected by role-based access control. Only authorized users with appropriate roles (Owner, Manager, or Member) can access workspace data. Permissions are enforced at both the application and database levels.
All API endpoints require secure token-based authentication. API keys are encrypted and can be revoked at any time from your account settings.
User sessions are securely managed with automatic expiration and the ability to revoke sessions from any device. We support secure session tokens that are validated on every request.
CallMap is hosted on Vercel and uses Firebase (Google Cloud Platform) for backend services. Both platforms maintain industry-leading security certifications, including SOC 2, ISO 27001, and PCI DSS.
Our infrastructure is protected by multiple layers of network security including firewalls, DDoS protection, and intrusion detection systems. All network traffic is monitored and logged for security analysis.
We regularly update all system components, dependencies, and infrastructure to address security vulnerabilities. Security patches are applied promptly, and we follow a responsible disclosure process for any identified issues.
All data is automatically backed up on a regular schedule with point-in-time recovery capabilities. Backups are encrypted and stored in geographically distributed locations to ensure data availability and durability.
CallMap is fully compliant with the General Data Protection Regulation (GDPR). We provide:
CallMap complies with the California Consumer Privacy Act (CCPA). California residents have the right to:
We are actively pursuing SOC 2 Type II certification, which demonstrates our commitment to security, availability, processing integrity, confidentiality, and privacy. Our infrastructure providers (Vercel and Firebase) are already SOC 2 certified.
Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. We never store, process, or transmit credit card information on our servers. All payment data is handled securely by Stripe's certified infrastructure.
We only collect and process data that is necessary to provide our services. We do not collect unnecessary personal information, and we regularly review our data collection practices to ensure we're following the principle of data minimization.
We retain your data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. You can request data deletion at any time from your account settings.
We do not sell your personal information to third parties. We only share data with trusted service providers (like Firebase, Stripe, and OpenAI) that are necessary to provide our services, and all such providers are contractually obligated to protect your data.
We provide clear information about how we process your data in our Privacy Policy. You can review our data processing practices, request access to your data, or request deletion at any time.
We continuously monitor our systems for security threats, anomalies, and potential vulnerabilities. Our monitoring systems use automated alerts and machine learning to detect suspicious activity in real time.
We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security issues. We also engage third-party security firms for independent assessments.
We have a comprehensive incident response plan in place to quickly detect, contain, and remediate security incidents. In the event of a security breach, we will notify affected users and relevant authorities as required by law.
All security-relevant events are logged and retained for analysis. Logs include authentication attempts, access to sensitive data, configuration changes, and system errors. Logs are encrypted and stored securely.
Use a strong, unique password for your CallMap account. We recommend using a password manager to generate and store secure passwords. Never share your password with anyone.
Regularly review who has access to your workspaces and remove access for users who no longer need it. Only grant workspace access to trusted team members with appropriate roles.
If you use API keys, keep them secure and never commit them to version control or share them publicly. Rotate API keys regularly and revoke any keys that may have been compromised.
If you notice any suspicious activity on your account, such as unauthorized access or unexpected changes, contact us immediately at security@callmap.ai.
If you discover a security vulnerability, have security concerns, or need to report a security incident, please contact us immediately:
Security Team
Email: security@callmap.ai
For security vulnerabilities, please include as much detail as possible about the issue. We appreciate responsible disclosure and will work with you to address any security concerns promptly.
Well, well, well... if you've read this far, you must really care about security! Or maybe you're just really bored. Either way, we appreciate your dedication. 🎉
As a reward for your thoroughness (or your boredom), we've hidden a little security-themed game here. It's like Flappy Bird, but with firewalls instead of pipes. Because what's more secure than a bird navigating through security barriers? Nothing, that's what.
P.S. - If you're a security auditor reading this, yes, we know this is silly. But hey, even security professionals need to have fun sometimes! 😄