Security & Compliance

Built for trust and compliance

We take data protection seriously. Yapsolutely is designed to meet the requirements of major privacy and telecommunications regulations.

GDPR

General Data Protection Regulation

Data processing agreements (DPA) available on request

Right to access, rectify, and delete personal data

Data portability - export your data at any time

Lawful basis for processing documented for all data flows

Sub-processor list maintained and available

72-hour breach notification commitment

California Consumer Privacy Act

Right to know what personal information is collected

Right to delete personal information

Right to opt out of sale of personal information

We do not sell personal information to third parties

Non-discrimination for exercising privacy rights

Telephone Consumer Protection Act

AI disclosure requirements documented in Terms of Service

Users must ensure callers are informed they are speaking with AI

Platform supports consent-based call handling workflows

Do-not-call list integration guidance provided

Call recording consent workflows available

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL.

Hosted on dedicated infrastructure with network isolation, automated backups, and access controls.

Role-based access, session-based authentication, bcrypt password hashing, and OAuth 2.0 support.

All third-party providers (Twilio, Deepgram, Anthropic) operate under data processing agreements with SOC 2 compliance.

Full call logs, transcript history, and system events recorded for compliance and review purposes.

Primary infrastructure in US data centers. Contact us for specific data residency requirements.

If you need a DPA, have questions about data handling, or require documentation for your compliance review, reach out to our team.