Security & trust center

Voice is customer data.
We treat it that way.

Everything your security review will ask, published. Where we're still earning a certification, we say so and show the date we expect it.

CBUAE-aware workflows · UAE PDPL · TLS 1.3 · AES-256 · UAE data residency

01 · Controls & certifications

The control surface.

SOC 2 Type II: In progress · audit underway
TLS 1.3: All data in transit
AES-256: All data at rest
RBAC + SSO: SAML / OIDC, role-based access
Audit logging: Every access to customer data
Pen testing: Annual third-party engagement

02 · Data residency

Your region. Your rules.

Voice processing, transcripts and records pinned to the region you choose. Cross-region replication only if you turn it on.

UK · London · Live
India · Mumbai · Live
UAE · Dubai · Live
US · N. Virginia · Live

03 · Practices

How we operate.

Data handling

We don't train models on your customer data. Conversation content is never used for our own purposes. Configurable retention from 24 hours to 7 years.

Tenant isolation

Multi-tenant isolation enforced at the database layer, with per-tenant encryption keys and isolated audio pipelines.

Residency

Pin voice processing and storage to a region. Audio, transcripts and CRM records never leave it.

Access

Production access is role-based, time-boxed and logged. Customer data access requires a ticketed reason.

Continuity

Multi-region autoscale, 99.9% uptime SLA, documented disaster-recovery runbooks with annual exercises.

Subprocessors

Published subprocessor list with change notifications. DPA available for all paid plans.

Put your security team in a room with ours.

Architecture review, DPA, subprocessor list and the SOC 2 roadmap, all on the table.