Security & Compliance

Your business data stays in Canada. Always.

Vocatively is built from the ground up with privacy at its core — PIPEDA compliant, with Canadian-hosted infrastructure and encryption at every layer.

PIPEDA

Canada

Canadian Data

Toronto, ON

Encrypted

At rest & in transit

PCI DSS

via Stripe

Canadian Data Residency

Your data never leaves Canada

Unlike many US-based platforms, Vocatively stores all business data in Canadian data centres. Your callers' information never crosses the border.

Database hosted in Toronto, Canada (ca-central)
No business data processed or stored in the United States
Full compliance with PIPEDA fair information principles
Automated 90-day data retention with anonymization

Primary Database

Toronto, Canada

ca-central region

Encryption

Encrypted

At rest and in transit (TLS 1.3)

Data Retention

3-Tier

Detailed records anonymized after 90 days; analytics retained

How we protect your data

Security isn't a feature we added — it's the foundation we built on.

Encryption Everywhere

Encryption at rest for all stored data
TLS 1.3 for all data in transit
SSL-required database connections

Access Controls

Role-based access (Owner, Admin, Staff)
Brute-force login protection
Per-organization data isolation

Secure Infrastructure

Canadian-hosted managed database
Automated backups and disaster recovery
Real-time error monitoring and alerting

Audit Trail

Complete email delivery logs
Call activity and access records
Timestamped system event logging

Secure Communications

Encrypted email delivery
No sensitive data in email notifications
Secure dashboard for sensitive content

Payment Security

Stripe PCI-DSS Level 1 certified
No card data stored on our servers
Tokenized payment processing

Our AI Data Commitments

Zero-retention AI processing
Your call data is not stored by our AI providers after processing
Never used for training
Your business data is never used to train, retrain, or improve AI models
Caller identity protection
Phone numbers are cryptographically hashed — even we can't reverse them
Automatic data cleanup
Detailed call records anonymized after 90 days; anonymized analytics retained for trends

AI & Privacy

AI that respects your callers' privacy

Our AI receptionist handles sensitive conversations every day. We designed our AI pipeline with privacy as the default, not an afterthought.

Call Intelligence analyses calls for sentiment, category, and revenue opportunities — but only stores structured metadata. No raw transcripts. No caller identifiers exposed. No training on your data.

Email notifications include only contact information and generic call types — never sensitive details. All detailed call content is accessible only through your authenticated, encrypted dashboard.

Compliance frameworks we follow

Vocatively meets the privacy and security requirements that Canadian businesses expect.

PIPEDA

Personal Information Protection and Electronic Documents Act (Canada)

Canada's federal privacy law for private-sector organizations. We adhere to all 10 fair information principles outlined in PIPEDA.

Accountability — designated privacy practices and oversight
Limiting collection and use — only what is necessary
Individual access — export or delete your data on request

PCI DSS

Payment Card Industry Data Security Standard

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified service provider — the highest level of payment security certification.

No credit card numbers stored on our servers
Tokenized payment methods via Stripe Elements
Webhook signature verification for all payment events

Report a Vulnerability

If you discover a security issue, please report it responsibly. We take every report seriously and will respond within 24 hours.

security@vocatively.app

Compliance Questions?

Have questions about data handling or need documentation for your compliance review? Our team is here to help.

compliance@vocatively.app

Ready to see it in action?

Start your free trial — no credit card required. Canadian data residency from day one.