Security is foundational to a platform handling seller PII, call recordings, and contract data. This page summarizes the practices we follow to protect your information.
Encryption
All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. Call recordings and skip-trace results are stored in encrypted object storage with restricted access.
Access control
We enforce least-privilege access internally. Production access requires multi-factor authentication and is logged and audited. Your data is logically isolated per account, and team-plan permissions let you scope what each user can see.
Infrastructure
The Service runs on hardened cloud infrastructure with automated patching, network segmentation, and continuous monitoring. Backups are encrypted and tested for restore integrity.
Compliance guardrails
Built-in TCPA and Do-Not-Call cross-referencing flags and locks restricted contacts within the dialer to reduce the risk of unlawful outreach. These are safeguards, not a substitute for your own legal compliance program.
Payment security
We do not store full payment-card numbers. Billing is handled by a PCI-DSS-compliant payment processor.
Responsible disclosure
If you believe you have found a security vulnerability, please report it to hello@wholestateai.com. We investigate all legitimate reports and will not pursue legal action against good-faith researchers who follow this process.
Contact
For security or data-handling questions, email hello@wholestateai.com.