We take a lot of pride in delivering a secure and reliable product and protecting our customers’ information. Security is an ongoing process and we strive to keep improving. Below, is an overview of our security practices, protocols, and tooling. We’re always available to answer questions on this topic - just send us a note to [email protected]

Infrastructure

We utilize the Amazon Web Services platform. Your communications are secured using 256-bit AES encryption and your data is stored in redundant databases across several physical locations for both security and availability purposes.

Our services are protected by Cloudflare. You can view our status page here.

Data

We perform daily backups of all our databases and hourly backups of several high-priority databases. Your data is retained as long as you need it.

We support data privacy principles such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). While we support many common tasks like deleting user and account data, you can contact our Support Team to request your data to be removed from all our systems.

Application

Text messages are encrypted in transit between the OpenPhone application and the carrier.

Calls are made using WebRTC technology, which means signaling for call setup is executed using WebSockets via TLS to provide complete privacy and data integrity.

Compliance

We maintain an audit log of all events and account changes across your organization. We are able to provide it upon request.

Billing / Payments

We use the best-in-class payment processor, Stripe. Stripe is PCI compliant and certified to PCI Service Provider Level 1, which is the most stringent level of certification available in the payments industry.

Have questions or comments? We'd love to hear from you.

Did this answer your question?