BKB Voice Trust Center

Compliance-first isn’t marketing for us — it’s architecture. This page documents the controls, processes and third parties that protect your data when you use BKB Voice. Every claim is backed by code you can inspect, a policy we publish, or a subprocessor we name.

TLS for all traffic

TLS 1.2+

Rate-limit on public APIs

All routes

Audit log retention

12 months

Breach notification window

≤ 72h

Pillars of the BKB Voice control environment

Each pillar links to a public page detailing the specific controls, evidence and vendor posture for that domain.

Security

Defense-in-depth controls across network, application and data layers. TLS everywhere, hardened CSP, rate limiting and immutable audit logging.

SOC 2 Readiness

The BKB Voice platform is engineered against the AICPA Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy).

Privacy

Data minimisation by default, documented retention windows and a formal Data Subject Request process for access, deletion, correction and export.

Subprocessors

A current list of every third party that may process customer or lead data, with purpose, region and safeguards.

Data Processing Addendum

Standard DPA reflecting GDPR Art.28 processor obligations. Available to every enterprise customer at contract signature.

Incident Response

Documented detection, containment, eradication and notification workflow. Customer notification within 72 hours of confirmed breach.

SOC 2 posture at a glance

BKB Voice is engineered to the SOC 2 Trust Services Criteria issued by the AICPA. The platform implements the technical and organisational controls required for a Type II examination across the Security, Availability, Confidentiality, Processing Integrity and Privacy categories.

A SOC 2 Type II audit is the independent attestation produced by a licensed CPA firm over a continuous observation window of at least three months. BKB Voice has already implemented the readiness work — detailed in theSOC 2 Readiness page— and the final attestation report is available to prospective customers under NDA.

View SOC 2 Readiness Request the SOC 2 report (NDA) →

Report something

Found a security issue or have a compliance question?

Security vulnerabilities
[email protected]
Please include reproduction steps. We acknowledge within one business day.
Privacy and data subject requests
Submit a privacy request →
Or email [email protected].