Trust at Dialpad
Protecting customer data and communications

Security Features
- SAML/SCIM
- Role-based access model
- Encryption
From single sign-on capabilities to automated user provisioning, Dialpad offers integrations for access management via SAML and SCIM from providers like Azure, GSuite, OneLogin, Okta, and more.
Reach out to our sales team to inquire about our full vendor list.
Dialpad allows admins to control which teams and individuals have access to certain features from a company, office, department, or user level. Granular permission levels can also be assigned for integrations across the platform.
See additional details on access management settings here.
Communications across Dialpad applications are encrypted using modern security standards. Calls over the VoIP network, as well as in transit web requests are encrypted using TLS and application data that is permanently stored at rest uses AES 256-bit within Google Cloud Platform.
To read more about our encryption practices see here.
Compliance
GDPR and Privacy Shield
Dialpad helps organizations to meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and individual consent mechanisms. Dialpad offers customers a Data Protection Agreement (DPA). Dialpad is also Privacy Shield compliant. Please see Dialpad’s Privacy Shield Status here.

SOC2® Type II
Dialpad is SOC2® Type II compliant. We have performed a third-party audit to certify that we have implemented controls that are designed and operate effectively to meet the objectives of the AICPA Trust Services Principles. To obtain a copy of the report reach out to our sales team.

HIPAA
Most Dialpad products, including UberConference, can be used compliantly by healthcare industry customers once a Business Associate Agreement has been signed with Dialpad. For additional details for how we can help you meet the Privacy and Security Rule Requirements see Dialpad's HIPAA Compliance Datasheet.

CSA
Dialpad is a member of the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR). Dialpad has completed the Consensus Assessment Initiative Questionnaire (CAIQ) and has posted the results within the registry. The completed questionnaire can be found here.
Privacy Features
Customizable retention policy
Enterprise customers can set their own retention policies to remove, archive, or anonymize data on a custom time interval.
Call recording capabilities
Dialpad allows admins to configure the call recordings settings to comply with applicable laws—including the ability to play automated prompts to alert callers. In-call indicators within the applications also allow for clear visibility of recording.
Data Ownership
Dialpad offers analytics and export capabilities for sensitive data that can be managed by the administrators. Data subject access requests are also available in our help center.
Frequently Asked Questions
Can Dialpad help us meet PCI compliance requirements?
Option 1: Agents have the capability to pause their recordings in order to take payments data over a call
Option 2: Dialpad offers an API to programmatically stop/restart recordings for users based on actions taken in payment systems.
Are Dialpad’s integrations secure?
Does Dialpad protect against spam calls?
How does Dialpad protect against web application attacks?
Does Dialpad have an incident management process?
Does Dialpad have a policy on government data demands?