Security at Voley.

We take the protection of your data seriously. Voley is built with secure-by-default patterns, strong encryption, and modern authentication.

Encryption

All data is encrypted in transit and at rest. Messages are protected with industry-standard encryption algorithms.

Authentication

Secure authentication powered by Stytch, server-side session validation, and role-based access control.

Application Security

CSRF protection, comprehensive input validation, and a strict Content Security Policy with secure headers.

Compliance

GDPR-aligned practices

Identity

Stytch-powered auth

Sessions

Server-validated tokens

How we protect your data.

Security is built into every layer of Voley, from authentication to infrastructure.

Authentication & Sessions

  • Secure authentication powered by Stytch
  • Server-side session validation on every request
  • Secure token management with automatic rotation
  • Role-based access control (RBAC)
  • Short-lived tokens for real-time connections

Platform Security

  • TLS encryption on all connections
  • Content Security Policy and secure headers
  • CSRF protection on all state-changing operations
  • Comprehensive input validation and sanitization
  • End-to-end message encryption

Data Handling

  • Secure cookie-based authentication
  • SQL injection protection
  • File upload restrictions and validation
  • Encrypted data storage

Operations

  • Audit logging for security events
  • Real-time monitoring and alerting
  • Encrypted backups with tested recovery procedures
  • Hardened production environment

Compliance & certifications

We maintain rigorous standards to meet the regulatory needs of insurance agencies.

SOC 2 Type II

In progress

Audit scope covers security, availability, and confidentiality trust service criteria. Controls mapped to immutable audit trails, encryption, RBAC, and infrastructure monitoring.

TCPA & A2P 10DLC

  • Immutable consent records with SHA-256 hashed disclosure
  • All 8 CTIA opt-out keywords honored instantly
  • Consent state captured per-message for dispute defense
  • Brand & campaign registration via Twilio ISV API

TCPA guide · 10DLC guide

CCPA & GDPR

  • Right to access, delete, and export personal data
  • Organization-level hard delete with full data purge
  • CSV export for contacts, conversations, and audit trails
  • No sale of personal information to third parties

Privacy policy

Regulations we address

  • TCPA (47 U.S.C. § 227)
  • CTIA Best Practices
  • CAN-SPAM Act
  • A2P 10DLC
  • CCPA / CPRA
  • GDPR
  • CIPA (Cal. Penal Code § 631)
  • FCC SHAFT Rules
  • FTC Telemarketing Sales Rule
  • Insurance E&O / DOI

Encryption at rest

AES-256-GCM

Messages & credentials

Audit trails

Immutable

DB-level triggers prevent tampering

Content guardrails

E&O protection

Insurance-specific phrase scanning

Continuous improvement

We're always working to enhance security. Here's what's on our roadmap.

  • SOC 2 Type II certification
  • Multi-factor authentication
  • Enhanced rate limiting
  • Advanced key management

Have questions about our security? We're here to help.