Security & trust
Small businesses hand us their phone line. We take that seriously.
Your calls, your customers, your credentials. Here is exactly how we protect them — no vague promises, just the practices running in production today.
Every integration credential you connect — calendars, inboxes, business tools — is encrypted at rest with AES-256-GCM before it touches the database.
Row-level security is enforced on our database tables, so each tenant’s data is isolated at the database layer, not just in application code.
Our cookie consent honors the browser’s Global Privacy Control signal as a binding opt-out, recorded for the audit trail. GPC can only ever narrow consent, never widen it.
Callers are told up front they’re talking to an AI assistant — on the call itself, and in a public disclosure page. Ask it if it’s a robot; it answers honestly.
Read the AI disclosureCalifornia is a two-party consent state. Every recorded call opens with a recording notice, appended automatically so no greeting can ship without it.
SMS and email marketing require recorded consent. Opt-outs are honored automatically, and quiet hours are enforced so customers are never texted at the wrong time.
SMS consent policyAll traffic runs through Cloudflare: TLS on every connection, and Turnstile bot protection on sign-in, sign-up, and contact forms.
Checkout and billing run on Stripe. Card numbers never touch Traccion servers.
The fine print, in plain language.
Questions about how we handle your data?
Ask us directly. A free 30-minute call, no pitch required.

