Handling your calls and customer data with care.
Capturing leads means handling real customer information. Here's how we think about security and data — described honestly, with no claims we can't stand behind.
How we approach security
These are the principles and practices we work to. As an early-stage product, we focus on getting the fundamentals right around real customer call flows.
Data minimization
We collect only what's needed to capture and route a lead — caller, callback number, reason for the call, and the details you ask for. No more than the workflow requires.
Access controls
Access to lead data is limited to the people and systems that need it to do their job, and is scoped to your account's workflows.
Secure integrations
Lead routing to email, SMS, CRM, or webhooks is configured per account. We use reputable service providers and pass through only the data the destination needs.
Monitoring
We keep structured records of captured calls and how each lead was routed, so issues can be noticed, investigated, and corrected.
Responsible automation
ASAI stays within its configured scope. It doesn't make promises it can't keep and tells callers it's an automated assistant when asked.
Human escalation
When a call needs a person — an emergency or anything outside scope — it's routed to a human according to your escalation rules rather than handled blindly.
Production is sacred
We treat live customer call flows as something to protect. Changes are made carefully, and real production traffic is not used as a testing ground.
No fake data in production
Production runs on real, verified workflows. We don't seed live systems with placeholder leads or staged demo records.
Least-privilege access
Systems and integrations are granted the narrowest access that lets them do their job — and no broader standing permissions than necessary.
Vendor & integration transparency
We're upfront about the providers and integrations involved in your setup, and we confirm what fits your environment during onboarding.
What we don't claim
We believe trust is earned by being straight with you. To be clear about our scope:
- We do not claim SOC 2 or HIPAA compliance.
- We do not use phrases like “bank-level security.”
- We do not offer unverified guarantees about security outcomes.
- We do not promise that data can never be accessed, intercepted, or lost — no honest provider can.
Instead, we describe our practices honestly and tell you what's actually involved in your setup. If your business has specific compliance requirements, talk to us during onboarding so we can be clear about what is and isn't a fit.
Have a security question?
We're happy to talk through how ASAI handles your calls and data, and what your setup would involve. Reach out and we'll give you a straight answer.
Ready to stop letting good calls disappear?
We'll map your current call flow and show you exactly where leads may be slipping through — no pressure.