Security
How we protect your data
In effect from · July 8, 2026
Security is foundational to a platform that answers your phone, reads your inbox and analyses your revenue. This page summarises the practices of Volume Labs Private Limited. Details evolve as the platform matures; material changes are reflected here.
1. Data encryption
- All traffic is encrypted in transit with TLS 1.2+.
- Data at rest — including conversations, recordings and knowledge bases — is encrypted with industry-standard algorithms (AES-256 class).
- Secrets and API keys are stored in a managed secrets vault, never in code.
2. Tenant isolation
- Every workspace’s data is logically isolated with tenant-scoped access enforcement at the API layer.
- Your company AI model and knowledge base serve only your workspace. Customer Data is not used to train models for other customers without explicit agreement.
3. Access control
- Role-based access (Owner, Admin, Agent, Analyst) with least privilege.
- Internal access to production is restricted to authorised personnel, protected by SSO/MFA, and logged.
- Support access to a customer workspace happens only with permission and is auditable.
4. Application security
- Secure development lifecycle: code review, dependency scanning and static analysis in CI.
- Protection against the OWASP Top 10 — input validation, output encoding, CSRF protection and rate limiting.
- Audit logging of security-relevant events.
5. AI-specific safeguards
- Guardrails: topic blocklists, escalation triggers, confidence thresholds and compliance modes are enforced server-side before AI output is delivered.
- Prompt-injection and data-exfiltration defences on knowledge-base retrieval.
- Call recording notices and PHI/PII redaction options for regulated configurations.
6. Infrastructure & continuity
- Hosted on reputable cloud infrastructure with network segregation and managed firewalls.
- Automated backups with periodic restore testing; documented incident response runbooks.
- Status and incident notifications to affected customers without undue delay, as required by law.
7. Payments
Card data is processed by PCI-DSS compliant payment providers. We do not store full card numbers on our systems.
8. Responsible disclosure
We welcome good-faith security research. Report suspected vulnerabilities to labsvolume@gmail.com with steps to reproduce. Please avoid accessing other customers’ data, degrading the Service, or public disclosure before we have had a reasonable opportunity to remediate. We acknowledge reports within 48 hours and keep you informed through resolution.
9. Your part
- Use strong, unique passwords and enable available account protections.
- Scope integration credentials narrowly and rotate API keys periodically.
- Configure guardrails and escalation rules appropriate to your industry (see the Privacy Policy for data-handling details).
10. Contact
Security questions or reports: labsvolume@gmail.com
Volume Labs Private Limited, C-254 Raksha Vihar Colony, Parwaliya Sadak, Fanda, Bhopal, Madhya Pradesh, India — 462030
