Trust at Dialpad

Protecting customer data and communications

Security Features

  • Role-based access model
  • Encryption

From single sign-on capabilities to automated user provisioning, Dialpad offers integrations for access management via SAML and SCIM from providers like Azure, GSuite, OneLogin, Okta, and more.

Reach out to our sales team to inquire about our full vendor list.

Dialpad allows admins to control which teams and individuals have access to certain features from a company, office, department, or user level. Granular permission levels can also be assigned for integrations across the platform.

See additional details on access management settings here.

Communications across Dialpad applications are encrypted using modern security standards. Calls over the VoIP network, as well as in transit web requests are encrypted using TLS and application data that is permanently stored at rest uses AES 256-bit within Google Cloud Platform.

To read more about our encryption practices see here.


GDPR and Privacy Shield

Dialpad helps organizations to meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and individual consent mechanisms. Dialpad offers customers a Data Protection Agreement (DPA). Dialpad is also Privacy Shield compliant. Please see Dialpad’s Privacy Shield Status here.

SOC2® Type II

Dialpad is SOC2® Type II compliant. We have performed a third-party audit to certify that we have implemented controls that are designed and operate effectively to meet the objectives of the AICPA Trust Services Principles. To obtain a copy of the report reach out to our sales team.


Most Dialpad products, including UberConference, can be used compliantly by healthcare industry customers once a Business Associate Agreement has been signed with Dialpad. For additional details for how we can help you meet the Privacy and Security Rule Requirements see Dialpad's HIPAA Compliance Datasheet.


Dialpad is a member of the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR). Dialpad has completed the Consensus Assessment Initiative Questionnaire (CAIQ) and has posted the results within the registry. The completed questionnaire can be found here.

Privacy Features

Customizable retention policy

Enterprise customers can set their own retention policies to remove, archive, or anonymize data on a custom time interval.

Call recording capabilities

Dialpad allows admins to configure the call recordings settings to comply with applicable laws—including the ability to play automated prompts to alert callers. In-call indicators within the applications also allow for clear visibility of recording.

Data Ownership

Dialpad offers analytics and export capabilities for sensitive data that can be managed by the administrators. Data subject access requests are also available in our help center.

Frequently Asked Questions

Can Dialpad help us meet PCI compliance requirements?

Dialpad offers two options to customers in order to help them maintain their PCI Compliance.

Option 1: Agents have the capability to pause their recordings in order to take payments data over a call
Option 2: Dialpad offers an API to programmatically stop/restart recordings for users based on actions taken in payment systems.

Are Dialpad’s integrations secure?

Native authentication and authorization mechanisms are used for the integrations built with our partners to ensure that permissions and data are accessed through verified protocols such as OAuth. Dialpad also gives customers control to manage the integrations to turn on and off data or permission access at the source. Furthermore, Dialpad goes through regular security reviews of its integrations with providers such as Google and SalesForce to be listed on the providers’ application directories.

Does Dialpad protect against spam calls?

Call blocking and spam prevention features are provided to each user. Dialpad also performs spam recognition and gives capabilities for users to block callers with high spam scores. See the following page for additional details

How does Dialpad protect against web application attacks?

Quarterly penetration tests are run by an independent third-party tester on our new features and products to test against web application attacks, such as those identified within the OWASP Top 10. Dialpad also enables security scanners and security checks in continuous integration pipelines to ensure that common web application attacks are mitigated prior to deploying new releases. Dialpad also implements technical controls such as rate-limiting to protect against unauthorized traffic attacks.

Does Dialpad have an incident management process?

Dialpad follows the NIST Guidelines for incident response. Per our Terms of Service and contractual obligations, Dialpad will notify customers of any breach involving their data. Dialpad is committed to compliance with all applicable breach notification laws and regulations.

Does Dialpad have a policy on government data demands?

To protect our customers’ data and fulfill our legal obligations, Dialpad has adopted a standardized and stringent review process for all government data requests. Read more about Dialpad’s review process and view transparency
                                                                        x-forwarded-proto: https
                                                                                                            via: 1.1 google
                                                                                                            x-appengine-city: ?
                                                                                                            x-appengine-country: US
                                                                                                            x-appengine-region: ?
                                                                                                            x-appengine-citylatlong: 0.000000,0.000000
                                                                                                            x-cloud-trace-context: bcb4f753bcbdf97d5ef857f22d934373/16361557583725965227
                                                                                                            user-agent: Elastic-Crawler (8.2.3) Elastic Cloud (; fd2394d30454481397b0fea1872ab189)
                                                                                                            accept-encoding: gzip, x-gzip, deflate, br