Sarah is answering a call right now. 1,283 booked this week.
Ansa
Book a demo
Trust & security

Built for the auditor, the insurer, and the caller.

Encrypted everything, two-party consent disclosure, BAA-eligible architecture. The compliance footnotes that matter to your business.

  • SOC 2 Type IIAudit in progress · Q1 2026 target · interim controls memo on request, under NDA
  • HIPAA-eligibleBAA available · used by veterinary & dental shops
  • 99.9%Uptime SLA · 99.95% on Multi-location plan
  • 50 statesCall-recording compliant · plus Canada
How we handle your data

What we actually do.

  1. Encryption at rest and in transit

    AES-256 at rest. TLS 1.3 in transit. Recordings, transcripts, and PII fields are encrypted at the column level.

  2. Two-party-consent recording disclosure

    Standard "This call may be recorded for quality and service" disclosure on every call. Compliant in all 50 states + Canada.

  3. Delete-on-demand

    A caller asks to be forgotten? One click in the dashboard. Recording, transcript, recap, and CRM trace are gone in under 30 seconds.

  4. Data residency in the US

    Primary storage on Supabase in AWS us-east-1. Canadian residency available on request for Multi-location accounts.

  5. SSO + role-based permissions on Multi-location

    SAML SSO with Okta, Google Workspace, or Microsoft. Owner, dispatcher, tech, and view-only roles out of the box.

  6. Annual third-party penetration testing

    Pen test report available under NDA. Findings remediated within 30 days; critical findings within 7. Public scorecard on every release.

  7. Vendor sub-processors, listed publicly

    Supabase, LiveKit, Google (Vertex AI for Gemini), Telnyx, Stripe. The full list, what each one touches, and the data they see — in our DPA.

  8. Incident response, publicly tracked

    Status page updated within 15 minutes of detection. Post-mortems within 5 business days. We tell you what happened, not what we wish had.

Documents on request

What your security team will want.

Everything available under NDA. Email us and you'll have it within one business day.

  • SOC 2 Type II report
    Targeted Q1 2026 · interim controls memo available now · PDF
    Request →
  • Penetration test summary
    Q1 2026 · Independent firm · PDF
    Request →
  • Data processing addendum (DPA)
    GDPR + CCPA aligned · counter-signable
    Request →
  • Business associate agreement (BAA)
    HIPAA-eligible plans · counter-signable
    Request →
  • Sub-processors list
    Public · updated within 30 days of any change
    Request →
  • Security whitepaper
    Architecture, controls, incident response · PDF
    Request →

Found a vulnerability? Tell us first.

Security disclosure program at security@ansa.com. We acknowledge within 24 hours, fix critical findings within 7 days, and credit researchers publicly (with their consent).

security@ansa.com →