Trust & security
Built to be trusted on the phone
Calla handles your customers' calls and your business data. Here's how we keep both safe and compliant.
- Call-recording consent. Recording is handled per state law, including two-party-consent states, with a recording disclosure where required.
- AI disclosure. Calla discloses that it's an AI assistant when asked, or where the law requires it — no deception.
- TCPA-compliant outbound. Any reminders or follow-ups respect consent, calling-time windows, and do-not-call lists.
- Encryption in transit and at rest. Calls, transcripts, and customer data are encrypted; access is restricted and audited.
- Tenant isolation. Every business's data is isolated at the database level — your data is never visible to another business.
- Guardrails against bad answers. Calla quotes only from your approved pricing, never promises an unconfirmed time, and escalates to a human when it should.
- No hallucinated prices or commitments. Every quote is retrieval-gated to data you control.
On our roadmap
SOC 2 Type II — in progress, to support multi-location groups and enterprise buyers. HIPAA — for the dental/medical front-desk variant, we support a Business Associate Agreement, PHI field encryption, and a no-train-on-PHI guarantee.
Questions from your IT or compliance team? Email security@trycalla.com and we'll walk through it.