Security & Trust Center
TurboCall is built for businesses that handle sensitive customer conversations. SOC 2 Type II certified, GDPR compliant, and encrypted end-to-end on every plan.
Certifications & Compliance
SOC 2 Type II
TurboCall is SOC 2 Type II certified. Our annual audit covers security, availability, and confidentiality trust service criteria. Certification is conducted by an independent AICPA-accredited auditor.
The audit is completed annually. Contact us at [email protected] to request a summary attestation letter for your compliance review.
GDPR Compliant
TurboCall processes and stores data in compliance with the EU General Data Protection Regulation (GDPR). Customers can designate EU data residency for all call data and personal information.
Data Processing Agreements (DPAs) are available upon request. Contact [email protected].
Security Controls
Every TurboCall account — including the Free plan — is protected by the same enterprise security infrastructure.
AES-256 Encryption at Rest
All call recordings, transcripts, and customer data are encrypted at rest using AES-256 encryption on all plans.
TLS 1.2+ in Transit
All data transmitted between TurboCall systems and your browser or API is encrypted using TLS 1.2 or higher.
Isolated Tenant Architecture
Each TurboCall account runs in an isolated environment. Customer data is never shared across tenants.
Access Logging & Audit Trails
All administrative access to customer data is logged with timestamps, IP addresses, and user identifiers. Logs are retained for 90 days.
Vulnerability Disclosure Program
TurboCall operates a responsible disclosure program. To report a security issue, email [email protected].
EU Data Residency Option
Enterprise customers can elect EU data residency, ensuring call data and personal information are stored and processed within EU infrastructure.
Data Handling & Retention
Call Recordings
Call recordings are stored encrypted and are accessible only to the account holder. Recordings can be downloaded or deleted at any time from the dashboard. Deletion requests are processed within 7 business days.
Transcripts and Lead Data
Call transcripts and captured lead data are stored in isolated per-account storage. Data is never shared with other TurboCall customers. Export is available in CSV or JSON format at any time.
Account Deletion
When an account is deleted, all associated data — recordings, transcripts, contacts, and configuration — is permanently deleted within 30 days. Backups containing the data are purged within 90 days per our backup retention policy.
Sub-Processors
TurboCall uses a limited list of sub-processors for cloud infrastructure, telephony, and AI processing. A current list of sub-processors is available upon request. Contact [email protected] for the full sub-processor list and DPA.
Security Questions?
For security reviews, DPA requests, SOC 2 attestation letters, or to report a vulnerability, contact our security team directly.