We’re not certified. We don’t pretend to be. Here’s exactly what we do and don’t do for security — in plain language.
Every database record, call recording, transcript, and lead contact info encrypted with AES-256 in our secure database backups and storage.
Every audio frame, REST call, and webhook transit between telecommunications carriers, conversational engines, primary hosting servers, and your dashboard runs over TLS 1.2 or 1.3.
Internal webhooks (engine to backend) signed with a rotated 64-char HMAC secret. Replay attacks blocked at the verification layer.
Owner, admin, and team-member roles in dashboard. Leads, billing, and integrations gated by role.
Every dashboard action and admin change logged with user, timestamp, IP. 90-day retention.
Primary application server and database hosted in secure US-East enterprise-grade cloud regions. Customer chooses primary region during onboarding.
A lot of small SaaS companies put HIPAA / SOC 2 / GDPR / CCPA badges on their site without ever earning them. We refuse.
Synthfy is NOT HIPAA-certified. Medical practices using Synthfy should treat it as a non-clinical front desk only and not transmit PHI through the system.
Synthfy is NOT SOC 2 Type II certified. No external auditor has signed off on our controls yet. We follow security best practices but cannot offer audit attestations.
Synthfy does NOT make GDPR or CCPA compliance claims. We process some EU customer data (high-performance cloud computing provider is in Germany), but full GDPR DPA execution is roadmapped for 2027.
If certifications matter to your business, please factor that into your decision. We’d rather lose your business than mislead you about it.
Full legal language: Security Overview · Data Processing Addendum · Privacy Policy
Start your 7-day free trial today. No credit card required.
Start Free TrialAI-powered customer engagement for small businesses. Never miss an inquiry, capture every lead, 24/7.
© 2026 Synthfy. All rights reserved.
⚠ Emergency Services Disclaimer: Synthfy phone numbers are designated for inbound virtual receptionist use only and do not support 911 or E911 emergency calling. If you need emergency assistance, please dial 911 directly from a standard phone line or mobile device.