Security and privacy, built into every call.
harmony.ai runs voice for revenue teams in regulated industries. Security, privacy, and compliance aren't a box we tick at the end — they're built into the platform, the infrastructure, and every call we make on your behalf.
Architecture
How we keep your data safe.
The engineering decisions behind every harmony.ai customer's security posture.
End-to-end encryption
TLS 1.3 in transit. AES-256 at rest. Customer-managed keys on Enterprise.
Per-tenant isolation
Logs, transcripts, embeddings — siloed at the tenant level. No cross-customer training.
Data residency
US, EU, and APAC regions. You choose where transcripts and recordings live.
Sub-processor transparency
Full list published, 30-day notice on changes.
Penetration testing
Annual third-party pen-test; latest summary available under NDA.
Vulnerability disclosure
Public vulnerability disclosure program. Bounties for critical findings.
SSO & access control
SAML single sign-on, role-based access, and least-privilege admin permissions across the platform.
Call data controls
Configurable retention windows, PII/PHI redaction, and deletion on request for every recording and transcript.
Compliance
Certifications and standards.
The frameworks revenue and security teams ask about — documentation available to customers under NDA. Email security@harmony.ai.
SOC 2 Type II
Audited annually by an independent third party. Report available under NDA.
GDPR
GDPR-ready: DPA on request, EU data residency, and honored data-subject requests.
HIPAA
HIPAA BAA available on signature for healthcare workloads; PHI stays in your perimeter.
CCPA
CCPA-aligned: consumer data rights, opt-outs, and no sale of personal data.
Run voice AI in your regulated environment.
Book 20 minutes — we'll walk your security team through the architecture and share reports under NDA.