Twiso is designed to adhere to the strict guidelines set forth by the General Data Protection Regulation (GDPR). This includes ensuring that proper consent is obtained from users before collecting and processing their personal data, providing clear and transparent information about how their data is used, and allowing users to easily access and manage their personal information. Our product also includes robust security measures to protect user data from unauthorised access and breaches.
All data is encrypted in transit and at rest using industry-leading best practices. At rest, data is encrypted with 256-bit AES. In transit, our modern TLS cipher configuration prevents downgrade attacks.
Data Center and Network Security:
Twiso hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3 and ISO 27001. See Amazon’s compliance and security documents for more detailed information. 100 percent of Twiso’s primary application servers are located within Twiso’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
All connections to Twiso are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.
Twiso is fully compliant with the California Consumer Privacy Act (CCPA), ensuring that our customers' personal data is securely handled and protected. We have implemented the necessary safeguards and protocols to ensure that all personal information is collected, used, and shared in accordance with the CCPA's requirements. Our customers can trust that their data is secure and that we are committed to upholding their privacy rights.
Identity and access management (beta)
You can ensure only the right people have access to your company's data in Twiso with SAML single sign-on (SSO). Manage user accounts automatically with SCIM provisioning.
Security and Development Practices:
- Design of all new product functionality is reviewed for security impact, with Twiso conducting mandatory code reviews for all changes to the code. Twiso development and testing environments are separate from its production environment. All code development is done through a standard process.
- Vulnerability Disclosure Process – Twiso considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would be eager to hear from you.
SOC 2 - Type 2 (external audit pending)
Twiso is in the audit window for SOC 2 Type 2 compliance, attesting to the controls and governance we have in place in adherence to the Trust Service Principles established by the American Institute of Certified Public Accountants.