Secure by design.
Engineered, not bolted on.
Sales calls collect sensitive data — SSN, DOB, bank details. So security here is the architecture, the engineering discipline, and the way it ships — enterprise-grade by design, development, and operation. Not a checkbox bolted on at the end.
secrets reach the client
PII redaction
data isolation
webhooks, replay-proof
The sensitive data never travels unguarded.
Standby treats every call like it carries the most regulated data in the building — because it does. Protection is enforced at the layer where it matters, before anything reaches a model, a log, or a screen.
PII redaction before AI & logs
SSN, DOB, phone, and bank routing/account are scrubbed before anything reaches a model or a log.
Encryption in transit & at rest
Every connection is TLS-encrypted in transit, and stored data is encrypted at rest by default.
Zero-retention AI
The model runs server-side with zero data retention — redacted transcripts are never logged or used to train models.
No secret ever reaches the client
Provider keys and signing secrets live server-side only — the browser never holds anything sensitive.
One team's data is sealed off from every other.
Isolation isn't an app-layer convenience — it's enforced in the database and reinforced by least-privilege access and full audit trails. Defense in depth, by default.
Org-scoped auth + MFA
Every session is bound to an organization, and multi-factor authentication protects every login.
Row-level security isolation
Postgres row-level security enforces per-tenant boundaries in the database — defense in depth, not just app checks.
Least-privilege access
Services and roles get only the access they need — nothing reaches data it has no reason to touch.
Audit logging of sensitive actions
Access to and changes against sensitive data are recorded for review, attribution, and accountability.
Hardened at every boundary, not just the front door.
Application security is a discipline applied to every request, every input, and every dependency — mapped against the OWASP Top 10 and enforced in the build itself.
Input validation at every boundary
All external data — requests, payloads, webhooks — is schema-validated before it's ever processed.
Rate limiting + body-size caps
Per-tenant rate limits and strict payload-size limits blunt abuse and resource-exhaustion attacks.
Strict security headers + CSP
A locked-down Content-Security-Policy and hardened response headers shrink the browser attack surface.
HMAC-verified webhooks
Every inbound event is signature-checked with a per-tenant secret and replay-protected.
Structured errors, no leaks
Errors return safe, structured responses — internals, stack traces, and secrets never reach a client.
Dependency & secret scanning in CI
Every build scans dependencies for known vulnerabilities and blocks committed secrets before they ship.
The transcript is treated as untrusted.
Whatever a caller says could try to steer the model — so it doesn't get the chance. System prompts are prompt-injection-aware, sensitive data is redacted before the model ever sees it, tool use is tightly scoped, and the model only ever assists the rep. It never takes actions on its own — no dialing, no commitments, no writes it wasn't explicitly given.
Security is a step in shipping, not an afterthought.
Every change moves through the same gates — written carefully, reviewed, scanned, and proven before it ever touches a real customer's data.
Built with security in the loop
Changes are written against established patterns — validated inputs, scoped access, no secrets in code.
Code review on every change
Nothing merges without human review — security-sensitive paths get extra scrutiny before they land.
Dependency + secret scanning
CI scans every build for vulnerable dependencies and committed secrets, blocking risky changes automatically.
Pre-launch security gate
A security gate and penetration test must pass before any real customer data ever flows through the system.
Ongoing monitoring
In production, the system is monitored continuously so anomalies surface fast and get addressed quickly.
The controls regulated lines actually need.
Security in operation means giving each team the levers to meet its own compliance posture — retention, consent, and data ownership, all under your control.
Configurable retention
Tune how long data is kept, including long-term encrypted retention for regulated lines that require it.
Consent-aware call handling
Per-state disclosure logic for two-party-consent states and California's AB 2905 AI-disclosure rule.
Assist-only — never auto-dials
Standby never auto-dials. The rep places every call; the AI only assists once a human is on the line.
Tenant-scoped export & deletion
Each tenant can export or delete its own data on request — scoped to that tenant, and only that tenant.
The questions security teams ask first.
No. Standby runs models server-side with zero data retention — redacted transcripts are never logged for training and are never used to train any model, ours or a provider's. Your calls stay your calls.
Isolation is enforced in the database with Postgres row-level security under org-scoped authentication, so a tenant can only ever see its own rows. It's defense in depth — the boundary holds even if application logic is wrong — and it's reinforced by least-privilege access and audit logging.
Org-scoped authentication with MFA is standard, and SSO is available for enterprise plans so your team can sign in through your existing identity provider. Talk to us about your provider and we'll walk through the setup.
Yes. We're happy to complete security questionnaires, share our compliance posture, and walk your team through the architecture, controls, and development lifecycle. Reach out and we'll route you to the right materials and people.
Sensitive PII — SSN, DOB, phone numbers, and bank routing/account details — is redacted before anything reaches a model or a log. Data is encrypted in transit and at rest, and no provider key or signing secret ever reaches the client.
Retention is configurable per tenant, including long-term encrypted retention for regulated lines that require it. Call handling is consent-aware, with per-state disclosure logic for two-party-consent states and California's AB 2905 AI-disclosure rule.
Put it in front of your security team.
Walk the architecture, controls, and lifecycle with us — questionnaire welcome. Built for the most sensitive data on a sales call.
No credit card. We'll never auto-dial — Standby is assist-only.