
Security & Compliance

Learn how Kayse AI protects your data and supports your compliance obligations. 🔒

🌟 Overview

Kayse AI is built with security baked in from the start. We use industry-standard practices to protect your data and help you stay in line with regulations.

🔐 Data Security

Encryption

Layer | Protection
In Transit | All data is encrypted with TLS 1.2 or newer while it travels between your browser or API client and Kayse
At Rest | Stored data is encrypted with AES-256
Backups | Backups are encrypted with managed encryption keys
API | All API calls must use HTTPS

🏗️ Infrastructure Security

Measure | Description
Cloud Hosting | Runs on a major cloud provider's infrastructure
Network Isolation | Private networks isolate the systems that hold customer data
Firewalls | A web application firewall (WAF) filters malicious requests before they reach the application
DDoS Protection | Mitigation against traffic floods intended to overload the service
Redundancy | Multiple data centers for availability

🏢 Data Centers

  • Facilities with SOC 2 Type II attestation
  • 24/7 on-site security staff
  • Biometric access controls
  • Climate monitoring and controls

🚪 Access Control

Authentication

Feature | Description
Password Requirements | Minimum length and complexity rules
Two-Factor Authentication | Available to all users; administrators can require it for the whole company (Settings → Security)
Session Management | Sessions expire after a period of inactivity
Single Sign-On | SSO is available if you need it

Authorization

Feature | Description
Role-Based Access | Each role carries a fixed set of permissions
Least Privilege | People get only the access their job requires
Company Isolation | Each company is a separate tenant; its data is never visible to another company
API Key Scopes | API keys can be restricted to specific operations

👥 User Roles

Role | Access Level
Super Admin | Full access, including billing and security settings
Admin | Full feature access, but cannot change security settings
User | Only assigned cases and basic features
Client | Portal access only; can see their own data

📝 Audit Logging

What Gets Logged

Every important action is recorded:

Category | Examples
Authentication | Logins, logouts, failed attempts, 2FA events
Data Access | Viewing records, searching, exporting
Data Changes | Creating, updating, deleting records
Settings | Changing settings, managing users
API Activity | API calls with timestamps and results
Communications | Messages sent, calls made

📅 Log Retention

Plan | Retention Period
Standard | 90 days
Professional | 1 year
Enterprise | Up to 7 years (configurable)

Accessing Logs

  1. Go to Settings → System Log
  2. Filter by date, person, or activity type
  3. Export for your records
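The two signals an administrator reviewing an exported log most often wants to catch are a burst of failed logins (credential guessing), especially one followed by a success, and data exports outside business hours. The script below is an added example written for this page, not Kayse's own tooling. It runs over a constructed JSON-lines export; the field names (ts, actor, category, action, result, ip) are an assumption, since the page says exports come as CSV or JSON but does not document the schema, so map them onto whatever your export contains.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample of an exported audit log, one JSON object per line.
# The field names (ts, actor, category, action, result, ip) are an assumption
# made for this example; the page does not document the export schema.
SAMPLE_EXPORT = """\
{"ts": "2026-02-10T09:00:05Z", "actor": "ana@example.com", "category": "Authentication", "action": "login", "result": "success", "ip": "203.0.113.7"}
{"ts": "2026-02-10T09:01:10Z", "actor": "ana@example.com", "category": "Data Access", "action": "view_record", "result": "success", "ip": "203.0.113.7"}
{"ts": "2026-02-10T14:30:00Z", "actor": "ana@example.com", "category": "Data Access", "action": "export", "result": "success", "ip": "203.0.113.7"}
{"ts": "2026-02-10T22:15:00Z", "actor": "ben@example.com", "category": "Authentication", "action": "login", "result": "failure", "ip": "198.51.100.9"}
{"ts": "2026-02-10T22:15:20Z", "actor": "ben@example.com", "category": "Authentication", "action": "login", "result": "failure", "ip": "198.51.100.9"}
{"ts": "2026-02-10T22:15:40Z", "actor": "ben@example.com", "category": "Authentication", "action": "login", "result": "failure", "ip": "198.51.100.9"}
{"ts": "2026-02-10T22:16:00Z", "actor": "ben@example.com", "category": "Authentication", "action": "login", "result": "failure", "ip": "198.51.100.9"}
{"ts": "2026-02-10T22:16:20Z", "actor": "ben@example.com", "category": "Authentication", "action": "login", "result": "failure", "ip": "198.51.100.9"}
{"ts": "2026-02-10T22:17:00Z", "actor": "ben@example.com", "category": "Authentication", "action": "login", "result": "success", "ip": "198.51.100.9"}
{"ts": "2026-02-10T22:18:30Z", "actor": "ben@example.com", "category": "Data Access", "action": "export", "result": "success", "ip": "198.51.100.9"}
"""


def parse_export(text):
    """Parse a JSON-lines export into events sorted by time (UTC datetimes)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failed logins per (actor, ip).

    Returns one finding per (actor, ip) that reached `threshold` failures inside
    `window`, and marks whether a successful login followed within the window:
    that is the case that needs immediate attention, because the guessing may
    have worked.
    """
    recent = defaultdict(deque)
    findings = {}
    for ev in events:
        if ev["category"] != "Authentication" or ev["action"] != "login":
            continue
        key = (ev["actor"], ev["ip"])
        if ev["result"] == "failure":
            q = recent[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                findings[key] = {"actor": ev["actor"], "ip": ev["ip"], "failures": len(q),
                                 "last_failure": ev["ts"], "success_followed": False}
        elif (ev["result"] == "success" and key in findings
              and ev["ts"] - findings[key]["last_failure"] <= window):
            findings[key]["success_followed"] = True
    return list(findings.values())


def after_hours_exports(events, start_hour=8, end_hour=18):
    """Data exports outside business hours (hours are UTC here; adjust to your tenant)."""
    return [ev for ev in events
            if ev["action"] == "export" and not (start_hour <= ev["ts"].hour < end_hour)]


def review(text):
    """Run both checks over an export and return human-readable findings."""
    events = parse_export(text)
    report = []
    for f in failed_login_bursts(events):
        severity = "HIGH" if f["success_followed"] else "MEDIUM"
        tail = ", followed by a successful login" if f["success_followed"] else ""
        report.append(f"{severity}: {f['failures']} failed logins for {f['actor']} from {f['ip']} "
                      f"ending {f['last_failure'].isoformat()}{tail}")
    for ev in after_hours_exports(events):
        report.append(f"MEDIUM: data export by {ev['actor']} at {ev['ts'].isoformat()} from {ev['ip']}")
    return report


if __name__ == "__main__":
    for line in review(SAMPLE_EXPORT):
        print(line)
```

On the sample, ben's five failures inside two minutes followed by a success and an export at 22:18 UTC produce one HIGH and one MEDIUM finding; ana's export during business hours is not flagged. Tune the threshold, window and business hours to your tenant before relying on the output.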

🏥 HIPAA Compliance

For organizations that handle health info (PHI):

HIPAA Features

Feature | Description
BAA Available | Business Associate Agreement for covered entities and their business associates
PHI Encryption | Additional encryption applied to health information
Access Logging | Detailed records of who viewed health information
Minimum Necessary | Role-based access limits who can see PHI
Breach Notification | A defined process to follow if PHI may have been exposed

Turning On HIPAA Mode

  1. Go to Settings → Company → Compliance
  2. Turn on HIPAA Compliance Mode
  3. Review and accept the extra terms
  4. Extra security controls turn on automatically

HIPAA Best Practices

  • Turn on 2FA for everyone
  • Use role-based access control
  • Review audit logs regularly
  • Train your team on HIPAA rules
  • Keep health info out of custom fields and notes when possible

🔏 Data Privacy

Data Ownership

  • Your data belongs to you
  • We never sell your data to anyone
  • We only use your data to run the service

Data Processing

Aspect | Practice
Location | Data is processed in the United States
Subprocessors | A small number of vetted partners help provide the service
Purpose | Data is used only to provide the service

⏳ Data Retention

Data Type | Retention
Account Data | Kept while your account is active, plus 30 days
Communications | You choose how long to keep them
Call Recordings | You choose (90 days by default)
Audit Logs | Based on your plan (90 days to 7 years)

🗑️ Data Deletion

When you delete data:

  • It's hidden right away (soft delete)
  • Permanently erased within 30 days (hard delete)
  • Removed from backups within 90 days

📤 Data Export

You can download your data anytime:

  • Full data export available
  • Standard formats (CSV, JSON)
  • No vendor lock-in — your data goes where you go

📜 Compliance Certifications

Current Certifications

Certification | Status
SOC 2 Type II | Attested ✅ (the Type II report is available under NDA)
HIPAA | Compliant (with BAA) ✅
GDPR | Compliant ✅
CCPA | Compliant ✅

Compliance Reports

Request compliance documents:

  • SOC 2 reports (under NDA)
  • Security questionnaire answers
  • Penetration test summaries

Contact security@kayse.ai for compliance questions.

🛡️ Application Security

Secure Development

Practice | Description
Code Review | All code is reviewed before it is deployed
Security Testing | Regular security testing
Dependency Scanning | Automated scanning of third-party dependencies for known vulnerabilities
Penetration Testing | Annual penetration tests by an outside firm

Vulnerability Management

Process | Description
Monitoring | Continuous monitoring for newly disclosed vulnerabilities
Patching | Critical fixes are deployed within 24–48 hours
Disclosure | Responsible disclosure program

Security Headers

  • Content Security Policy (CSP): restricts which sources the browser may load scripts, styles and frames from, limiting what an injected script can do
  • HTTP Strict Transport Security (HSTS): tells browsers to use HTTPS only on later visits
  • X-Frame-Options: stops other sites from framing the application (clickjacking)
  • X-Content-Type-Options: nosniff stops browsers from guessing a content type and executing a file as something it is not
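Listing the headers is not the same as checking their values: an HSTS max-age of an hour or a CSP that allows 'unsafe-inline' scripts gives little of the protection the header name promises. The checker below is an added example written for this page, not Kayse's code, and the two header sets it inspects are constructed, not captured from Kayse. Feed it the real headers with `dict(resp.headers)` from an `urllib` or `requests` response.

```python
# Constructed sample header sets, not captured from Kayse: one hardened, one weak.
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                               "object-src 'none'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=3600",                     # one hour, no subdomains
    "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",  # no default-src fallback
    "X-Content-Type-Options": "NOSNIFF",                             # value is case-insensitive, fine
}

ONE_YEAR = 31536000  # seconds; the usual minimum max-age for HSTS to be effective


def parse_csp(value):
    """'default-src 'self'; script-src 'self'' -> {'default-src': ["'self'"], ...}"""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def parse_hsts(value):
    """'max-age=3600; includeSubDomains' -> {'max-age': '3600', 'includesubdomains': ''}"""
    directives = {}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip()
    return directives


def audit_security_headers(headers):
    """Return a list of (severity, message) findings; an empty list means all checks passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # HSTS: present, max-age of at least a year, and includeSubDomains so that
    # no subdomain can still be reached over plaintext HTTP.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("HIGH", "Strict-Transport-Security missing"))
    else:
        d = parse_hsts(hsts)
        try:
            max_age = int(d.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < ONE_YEAR:
            findings.append(("MEDIUM", f"HSTS max-age {max_age} is below one year"))
        if "includesubdomains" not in d:
            findings.append(("LOW", "HSTS lacks includeSubDomains"))

    # CSP: present, has a default-src fallback, and the effective script source
    # list does not reopen XSS through 'unsafe-inline', 'unsafe-eval' or a wildcard.
    csp = h.get("content-security-policy")
    policy = parse_csp(csp) if csp is not None else {}
    if csp is None:
        findings.append(("HIGH", "Content-Security-Policy missing"))
    else:
        if "default-src" not in policy:
            findings.append(("MEDIUM", "CSP has no default-src fallback"))
        script_src = policy.get("script-src", policy.get("default-src", []))
        for bad in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if bad in script_src:
                findings.append(("HIGH", f"CSP script sources allow {bad}"))

    # Clickjacking: either X-Frame-Options DENY/SAMEORIGIN or a CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").strip().upper()
    if "frame-ancestors" not in policy and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(("HIGH", "no framing protection: set X-Frame-Options or CSP frame-ancestors"))

    # MIME sniffing: the only meaningful value is nosniff.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("MEDIUM", "X-Content-Type-Options is not 'nosniff'"))

    return findings


if __name__ == "__main__":
    for name, hdrs in (("hardened", GOOD_HEADERS), ("weak", WEAK_HEADERS)):
        print(f"{name}: {audit_security_headers(hdrs) or 'all checks passed'}")
```

The weak set passes a naive "is the header present" test for three of the four headers yet yields five findings, two of them HIGH; the hardened set yields none.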

📡 Communication Security

🎙️ Call Recording Security

Measure | Description
Encryption | Recordings are encrypted at rest
Access Control | Only users with the appropriate role can listen
Retention | You set how long recordings are kept
Deletion | Securely deleted when the retention period ends

💬 Message Security

Channel | Security
SMS | Sent through carrier-grade delivery. SMS is not encrypted on the carrier network, so treat it as a plaintext channel and keep PHI and other sensitive details out of text messages
Email | Protected with TLS in transit. This covers the hop between mail servers only when the receiving server supports TLS, and does not protect the message once it is in the recipient's mailbox
Chat | End-to-end encrypted

🚨 Incident Response

Security Incident Process

  1. Detection — Automated tools spot the problem
  2. Assessment — We figure out how serious it is
  3. Containment — We stop it from getting worse
  4. Notification — We tell you within 72 hours
  5. Remediation — We find the root cause and fix it
  6. Review — We learn from it and improve

Reporting Security Issues

Found a security problem? Email: security@kayse.ai

We respond to security reports within 24 hours.

🔄 Business Continuity

Availability

Metric | Target
Uptime | 99.9% availability
RTO (Recovery Time Objective) | Service restored within 4 hours
RPO (Recovery Point Objective) | No more than 1 hour of data loss

🌐 Disaster Recovery

  • Automatic switch to backup servers if something goes wrong
  • Regular disaster recovery testing
  • Clear step-by-step recovery plans

💾 Backups

Type | Frequency
Database | Continuous replication in real time
Full Backup | Once a day
Backup Testing | Restores are tested every month to confirm the backups are usable

✅ Security Best Practices

For Administrators

  • Require 2FA for all users
  • Use strong, unique passwords
  • Review who has access at least every few months and remove accounts that no longer need it
  • Review audit logs for unusual activity
  • Keep API keys secret
  • Rotate API keys periodically
  • Set reasonable session timeouts

For Users

  • Turn on two-factor authentication
  • Never share your credentials
  • Lock your screen when you step away
  • Report anything suspicious
  • Use trusted networks
  • Keep your devices updated

For API Users

  • Never hardcode API keys in source code
  • Load keys from environment variables or a secrets manager
  • Handle API errors explicitly rather than ignoring them or retrying blindly
  • Monitor your API usage for unexpected patterns
  • Use IP allowlisting (Settings → API) when your callers have fixed addresses
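The client below puts the API practices above, together with the HTTPS requirement and scoped keys from earlier on this page, into one working pattern: the key comes from the environment and refuses to start without it, a plaintext base URL is rejected, the key never reaches a log line unredacted, 401/403 (wrong key or a key whose scope does not cover the call) fails fast, and only idempotent requests are retried on throttling or server errors, honouring Retry-After. It is an added example, not Kayse's SDK: the environment variable name KAYSE_API_KEY, the `Authorization: Bearer` scheme, the host api.example.com and the /v1/cases path are all assumptions made for the demonstration. The transport is injected so the whole thing runs offline.

```python
import os
import urllib.parse


class ApiError(Exception):
    """Raised for configuration mistakes and non-retryable API failures."""


def load_api_key(env=None, name="KAYSE_API_KEY"):
    """Read the key from the environment, never from source.
    The variable name is an assumption for this example."""
    env = os.environ if env is None else env
    key = env.get(name, "").strip()
    if not key:
        raise ApiError(f"{name} is not set; export it in the environment instead of hardcoding it")
    return key


def redact(key):
    """Log-safe form of a key: only the last four characters survive."""
    return "****" + key[-4:] if len(key) > 4 else "****"


class ApiClient:
    """HTTPS-only client with key redaction and a retry policy.

    send(method, url, headers) -> (status, headers, body) is injected so the
    class can be exercised offline; wrap requests or urllib in production.
    The 'Authorization: Bearer' scheme is an assumption, not something the page states.
    """
    RETRY_STATUSES = {429, 500, 502, 503, 504}

    def __init__(self, base_url, api_key, send, sleep=None, max_retries=3):
        if urllib.parse.urlsplit(base_url).scheme != "https":
            raise ApiError("API calls must use HTTPS; refusing a plaintext base URL")
        self.base_url = base_url.rstrip("/")
        self._api_key = api_key
        self._send = send
        self._sleep = sleep or (lambda seconds: None)
        self.max_retries = max_retries
        self.log = []  # what we would hand to a logger: never contains the full key

    def request(self, method, path):
        url = f"{self.base_url}/{path.lstrip('/')}"
        headers = {"Authorization": f"Bearer {self._api_key}", "Accept": "application/json"}
        # Only idempotent methods are safe to replay after an ambiguous failure.
        idempotent = method.upper() in ("GET", "HEAD", "PUT", "DELETE")
        attempt = 0
        while True:
            status, resp_headers, body = self._send(method, url, headers)
            self.log.append(f"{method} {url} -> {status} (key {redact(self._api_key)})")
            if status < 400:
                return status, body
            if status in (401, 403):
                # Wrong key, or a key whose scope does not cover this call: retrying cannot help.
                raise ApiError(f"{status}: key {redact(self._api_key)} rejected or lacks scope for {path}")
            if status in self.RETRY_STATUSES and idempotent and attempt < self.max_retries:
                attempt += 1
                retry_after = resp_headers.get("Retry-After")
                # Honour a numeric Retry-After; otherwise back off exponentially.
                delay = float(retry_after) if retry_after and retry_after.isdigit() else float(2 ** attempt)
                self._sleep(delay)
                continue
            raise ApiError(f"{status}: request to {path} failed")


def demo():
    """Offline run with a fake transport: the first call is throttled, the second succeeds.
    Host, path and key value are placeholders for this example."""
    responses = iter([(503, {"Retry-After": "1"}, b""), (200, {}, b'{"cases": []}')])
    sleeps = []
    client = ApiClient("https://api.example.com",
                       load_api_key({"KAYSE_API_KEY": "sk_live_demo1234"}),
                       send=lambda method, url, headers: next(responses),
                       sleep=sleeps.append)
    status, body = client.request("GET", "/v1/cases")
    return status, body, client.log, sleeps


if __name__ == "__main__":
    status, body, log, sleeps = demo()
    print(status, body, sleeps)
    print("\n".join(log))
```

In the demo the GET is retried once after a one-second Retry-After and then succeeds; a POST that hit the same 503 would raise instead of being replayed, because a non-idempotent call might already have been applied. Swap the lambda for a real transport (for example one built on `urllib.request`) to use it against an actual endpoint.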

⚙️ Security Settings

Options You Can Change

Setting | Location
2FA Enforcement | Settings → Security
Session Timeout | Settings → Security
IP Allowlisting | Settings → API
Password Policy | Settings → Security
Audit Log Retention | Settings → Data Retention

📬 Contact

Security Team: security@kayse.ai

Compliance Inquiries: security@kayse.ai

📅 Updates

This security page is reviewed and updated every few months. Last updated: February 2026.
