Security, privacy and control

An AI agent should act only inside agreed boundaries.

A production deployment touches conversations, guest context and operational systems. Before launch, Yourcall and the customer must document what data is used, what actions are permitted, when a person takes over and how outcomes are reviewed.

No unverified badges

This page is a procurement starting point, not a certification claim. Ask for the current security pack, architecture, subprocessors, contractual terms and certification status applicable to your proposed deployment.

Deployment controls

Review the whole path from conversation to system action.

01 · DATA

Map the information

Identify conversation, caller, reservation and operational data required for the use case.

02 · ACCESS

Scope permissions

Document the systems, accounts, fields and actions the deployment is expected to use.

03 · NOTICE

Inform callers

Agree disclosure, recording and consent language for the channel and jurisdictions involved.

04 · ACTION

Set hard boundaries

Define which actions may be completed, require confirmation, need review or are prohibited.

05 · HANDOFF

Escalate safely

Route sensitive, complex, high-value or uncertain conversations to an accountable person.

06 · RETENTION

Control the record

Agree access, storage, retention and deletion requirements for transcripts and outcomes.

What a security review should produce

The output should be a deployment-specific record that procurement, legal, security and operations can evaluate without relying on marketing shorthand.

Architecture

Systems, providers, data movement, environments, authentication and dependencies.

Data map

Data categories, purposes, access, subprocessors, retention and deletion expectations.

Action matrix

Permitted reads and writes, confirmation rules, blocked actions and human ownership.

Test plan

Normal calls, edge cases, abuse, system failures, duplicate protection and escalation tests.

Operating plan

Monitoring, access review, change control, support contacts and incident escalation.

Contractual record

Applicable agreement, privacy terms, service scope and any current security evidence.

Documents to request

Evaluate the current deployment, not a generic promise.

Availability and applicability will depend on the proposed architecture and contract.

Security and privacy

  • Current security overview and architecture
  • Subprocessor and hosting information
  • Data processing terms
  • Access and retention approach
  • Current certification or audit evidence, if any

Operational assurance

  • Integration and permission scope
  • Conversation and action test plan
  • Human escalation and fallback rules
  • Change, support and incident contacts
  • Pilot acceptance and review criteria
FAQ

Questions for your security review.

Which security certifications does Yourcall hold?

This public page intentionally does not claim a certification. Ask Yourcall for the current security documentation and certification status during procurement, and assess it against your organisation's requirements.

Where is Yourcall customer data hosted?

Hosting and data-location requirements must be confirmed for the proposed deployment. Request the current architecture, subprocessors and available residency options before signing.

Are AI calls recorded?

Recording, transcription and retention should be configured for the use case and applicable law. The customer and Yourcall must agree the notice, purpose, access, retention and deletion rules before go-live.

How are sensitive or complex calls handled?

The deployment defines calls and actions that must be transferred, blocked or reviewed by a person. Human handoff rules and the context passed with an escalation are tested before launch.

Start with the real architecture

Put security beside the workflow.

Share the systems, data and actions involved in your first use case. We will identify the questions and documents required for your review.