Security you can trust.
Built with end-to-end encryption, tenant data isolation, and immutable audit logging. Security is a first-class design principle at every layer.
Encryption
All data encrypted in transit and at rest. Per-tenant encryption keys for call recordings. Encrypted media streams for every voice call.
Access Control
Token-based authentication on all endpoints. MFA enforced for admin roles. SSO support (SAML/OIDC) on Enterprise plans. Account lockout with progressive alerting.
Compliance
PIPEDA-aligned for Canadian operations. GDPR-aligned with data subject rights support including deletion on request. HIPAA-eligible on Enterprise plans. STIR/SHAKEN verified.
Monitoring
Immutable audit logs for every write action. Continuous anomaly detection. Defined incident response process with post-incident review. 1-year minimum audit retention.
Compliance & certifications
PIPEDA
Aligned
GDPR
Aligned
HIPAA
Eligible (Enterprise)
STIR/SHAKEN
Supported
Responsible disclosure
If you believe you have discovered a security vulnerability in GetWhistle, please report it responsibly. Email our security team at security@getwhistle.app. We investigate all reports and respond within 2 business days. We do not pursue legal action against researchers who report in good faith.
Questions about our security posture?
Our team is happy to discuss security architecture, compliance requirements, and deployment options.