This page summarizes how we secure the AI Employee Network and the customer data flowing through it. We update it as our practices evolve.

For vendor reviews, security questionnaires, or DPA requests, email security@aiemployis.com — we typically respond within two business days.

Security pillars

Encryption

TLS 1.2+ in transit on all customer-facing surfaces. AES-256 at rest for stored conversation data, configuration, and credentials. Per-customer encryption keys for high-tier deployments.

Access control

Role-based access for AI Employis team members. Customer access governed by the customer's own SSO / IdP where supported. Audit logging on all administrative actions.

Infrastructure

Cloudflare Workers (edge runtime), Google Cloud (data plane), and a small set of vetted SaaS vendors (GoHighLevel, Twilio, Resend). All vendors covered by appropriate DPAs.

Operational practices

Production access restricted to a small operator team. Code changes peer-reviewed. Daily encrypted backups with 30-day retention. Quarterly access reviews.

Data residency and processing locations

Primary data processing happens in the United States (Cloudflare Workers globally distributed; Google Cloud us-central1; GoHighLevel US infrastructure). EU customers can request EU-only routing as part of their MSA, with appropriate Standard Contractual Clauses where data crosses borders.

Compliance posture

We're a small operator team and we're transparent about where we are on the compliance maturity curve:

  • What we do today: follow standard infrastructure-security practices (encryption, access control, audit logging, backups). Sign DPAs and BAAs as appropriate. Respond to vendor questionnaires.
  • What's in progress: SOC 2 Type 2 audit work is scheduled for late 2026.
  • What we don't claim: we are not currently SOC 2 certified, ISO 27001 certified, or HIPAA-attested. If your shop's compliance posture requires any of those, we'll have an honest conversation about timeline and what we can do in the interim.

Customer data ownership

You own your data. We process it as a service provider on your behalf. Specifically:

  • Conversation transcripts, qualification data, customer details — these belong to your shop.
  • We use anonymised aggregate data (e.g. average response times across the network) to improve the AI Employees over time. We don't use customer-identifiable conversation content to train models that benefit other customers without explicit written agreement.
  • Data export and deletion are available on request — see your DPA for specific timelines.

Incident response

If a security incident affects customer data, we notify affected customers within 72 hours of confirmation, with details of (a) what happened, (b) what data was involved, (c) what we're doing about it, and (d) what (if anything) you should do.

To report a suspected vulnerability or incident, email security@aiemployis.com. We take responsible disclosure seriously and will acknowledge receipt within one business day.

End-customer privacy

The AI Employee speaks to your end-customers (homeowners, property managers, etc.) on your behalf. We've built the conversation flows to:

  • Identify themselves clearly when asked. We do not pretend to be human if a caller specifically asks "is this an AI?"
  • Honor opt-out requests for SMS communications.
  • Avoid collecting more personal data than the qualification logic requires.
  • Comply with TCPA, CASL, and equivalent SMS regulations on outbound messages.

Vendor list

Our material sub-processors as of the "Last updated" date above:

  • Cloudflare — CDN, edge runtime, KV storage, R2 storage.
  • Google — Cloud (compute, BigQuery), Workspace (internal), Analytics 4.
  • GoHighLevel — CRM, calendar, customer-side workflow.
  • Twilio — SMS layer.
  • Resend — transactional email.
  • Stripe — payment processing.
  • Anthropic / OpenAI — language model APIs (under enterprise terms with no training use).

For the current full list with regions and DPAs, request our sub-processor disclosure via security@aiemployis.com.

Contact

Vendor reviews, questionnaires, DPA, or security disclosures: security@aiemployis.com.