Security & compliance
How Intellivo supports regulated and high-trust buyers. This page explains our controls — it is not legal advice.
Infrastructure
Hosted on Vercel with HTTPS everywhere. Database and auth via Supabase with row-level security per organization. Service-role operations are limited to server-side API routes.
TCPA & outbound calling
Campaigns require recorded consent before dialing. Calling hours enforcement blocks starts outside permitted windows. You are responsible for maintaining accurate consent records for your contact lists.
HIPAA (Enterprise)
HIPAA mode is available on Enterprise plans with a signed Business Associate Agreement (BAA). Includes configurable recording retention and audit logging. Not all integrations are HIPAA-eligible — review your stack before enabling PHI workflows.
SOC 2
We follow SOC 2-aligned controls across access management, logging, and change management. Formal SOC 2 Type II certification is in progress — contact sales for current status and security questionnaire responses.
Audit logs
Dashboard changes to agents, settings, API keys, and team membership are recorded in org-scoped audit logs. Call intelligence (summary, sentiment, quality score) is stored per call for review.
Data retention
Recording retention is configurable per organization. Transcripts and call metadata are retained according to your plan settings. Request deletion via Help & contact.
See also Privacy Policy and Terms of Service. Enterprise security reviews: contact sales.