pattern Created with Sketch.

Trust at Dialpad

Security Features

  • SAML/SCIM

  • Role-based access model

  • Encryption

SAML/SCIM

From single sign-on capabilities to automated user provisioning, Dialpad offers integrations for access management via SAML and SCIM from providers like Azure, GSuite, OneLogin, Okta, and more.

Reach out to our sales team to inquire about our full vendor list.

Saml

Role-based access model

Dialpad allows admins to control which teams and individuals have access to certain features from a company, office, department, or user level. Granular permission levels can also be assigned for integrations across the platform.

See additional details on access management settings here.

3Home Illustration Deployment@2X

Encryption

Communications across Dialpad applications are encrypted using modern security standards. Calls over the VoIP network, as well as in transit web requests are encrypted using TLS and application data that is permanently stored at rest uses AES 256-bit within Google Cloud Platform.

To read more about our encryption practices see here.

Connected@2X

Compliance

GDPR and Privacy Shield

Dialpad helps organizations to meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and individual consent mechanisms. Dialpad offers customers a Data Protection Agreement (DPA). Dialpad is also Privacy Shield compliant. Please see Dialpad’s Privacy Shield Status here.

SOC2® Type II

Dialpad is SOC2® Type II compliant. We have performed a third-party audit to certify that we have implemented controls that are designed and operate effectively to meet the objectives of the AICPA Trust Services Principles. To obtain a copy of the report reach out to our sales team.

HIPAA

Dialpad, as a Business Associate, will provide assurance to implement HIPAA safeguards to protect ePHI, including data and privacy protection measures. For additional details for how we can help you meet the Privacy and Security Rule Requirements see the following datasheet.

Privacy Features

Admin@2X 1

Customizable retention policy

Enterprise customers can set their own retention policies to remove, archive, or anonymize data on a custom time interval.

icon60/white/call-controls@1xCreated with Sketch.

Call recording capabilities

Dialpad allows admins to configure the call recordings settings to comply with applicable laws—including the ability to play automated prompts to alert callers. In-call indicators within the applications also allow for clear visibility of recording.

Usability@2X 1

Data Ownership

Dialpad offers analytics and export capabilities for sensitive data that can be managed by the administrators. Data subject access requests are also available in our help center.

Frequently Asked Questions

Can Dialpad help us meet PCI compliance requirements? +

Dialpad offers two options to customers in order to help them maintain their PCI Compliance.

Option 1: Agents have the capability to pause their recordings in order to take payments data over a call
Option 2: Dialpad offers an API to programmatically stop/restart recordings for users based on actions taken in payment systems.

Are Dialpad’s integrations secure? +

Native authentication and authorization mechanisms are used for the integrations built with our partners to ensure that permissions and data are accessed through verified protocols such as OAuth. Dialpad also gives customers control to manage the integrations to turn on and off data or permission access at the source. Furthermore, Dialpad goes through regular security reviews of its integrations with providers such as Google and SalesForce to be listed on the providers’ application directories.

Does Dialpad protect against spam calls? +

Call blocking and spam prevention features are provided to each user. Dialpad also performs spam recognition and gives capabilities for users to block callers with high spam scores. See the following page for additional details

How does Dialpad protect against web application attacks? +

Quarterly penetration tests are run by an independent third party tester on our new features and products to test against web application attacks, such as those identified within the OWASP Top 10. Dialpad also enables security scanners and security checks in continuous integration pipelines to ensure that common web application attacks are mitigated prior to deploying new releases.