Security & Data Handling
Your callers trust you with sensitive information. We take that responsibility seriously. Here's how Tenmist protects your data at every step.
Our Approach to Security
Security is built into every layer of the Tenmist platform — not bolted on as an afterthought.
Encryption in Transit
All data transmitted between your callers, our AI, and your dashboard is encrypted using TLS 1.2+ — the same standard used by banks and healthcare systems.
Encryption at Rest
Stored data — including call recordings, transcripts, and lead information — is encrypted at rest using AES-256 encryption.
Access Controls
Role-based access ensures only authorized users see your data. Each client account is fully isolated — your data is never accessible to other customers.
SOC 2 Certified Infrastructure
Tenmist runs on Vercel and Neon, both of which maintain SOC 2 Type II certification for their platforms. While Tenmist itself does not hold an independent SOC 2 certification, our infrastructure providers are independently audited.
Call Data Handling
What We Capture
When your AI receptionist handles a call, we capture the caller's name, phone number, reason for calling, and callback preferences — the information you need to follow up. Call recordings and AI-generated transcripts are stored securely in your account.
Who Has Access
Only you and authorized users on your account can access your call data. Tenmist support staff may access your data only when you explicitly request help, and all access is logged.
What We Never Do
- We never sell your data or your callers' data to third parties.
- We never use your call data to train AI models for other clients.
- We never share your information across client accounts.
- We never use caller information for marketing purposes.
Data Retention & Deletion
Retention Periods
Call recordings and transcripts are retained for the duration of your active subscription. You can delete individual call records at any time from your dashboard.
Deletion Requests
You can request deletion of specific call records or all account data at any time by contacting our support team. Deletion requests are processed within 30 days.
Account Cancellation
When you cancel your Tenmist account, your data remains available for download for 30 days. After that, all call recordings, transcripts, and lead data are permanently deleted within 90 days of cancellation. We can expedite deletion upon request.
Compliance Readiness
Tenmist is built on infrastructure that meets rigorous compliance standards. Here's how we align with common regulatory requirements:
SOC 2 Type II
Our infrastructure providers — Vercel (hosting) and Neon (database) — maintain SOC 2 Type II certification, demonstrating ongoing compliance with security, availability, and confidentiality trust service criteria.
HIPAA-Aware Practices
Tenmist implements security controls that align with HIPAA requirements, including encryption in transit and at rest, access controls, and data isolation. Tenmist is not HIPAA certified and does not currently offer Business Associate Agreements (BAAs). Healthcare clients should contact us to discuss their specific compliance requirements before signing up.
Data Privacy
We process only the data necessary to provide the service. Caller information is stored securely and is never shared, sold, or used beyond delivering leads to your inbox. See our Privacy Policy for complete details.
Questions About Security?
We're happy to discuss our security practices in detail. Reach out and we'll walk you through how Tenmist protects your data.