Data storage
Recordings
Call recordings are stored in encrypted object storage. Files are encrypted at rest and in transit. CallVault does not process recordings for any purpose other than transcription and generating AI summaries.Transcripts
Transcripts are stored in a secure database with row-level access controls. A user can only access transcripts from workspaces they’ve been added to — there is no cross-workspace data leakage.AI processing
When CallVault generates transcripts and AI summaries, your audio and transcript data is sent to our AI processing providers under strict data processing agreements. Your data is not used to train AI models.Access controls
Workspace-based isolation
All call data is scoped to workspaces. Being a member of an organization does not grant access to any workspace — workspace access must be explicitly granted by a workspace Admin.Role enforcement
Workspace roles are enforced server-side. The distinction between Viewer, Editor, and Admin permissions is applied at the API level, not just in the UI.Shared links
Share links provide time-limited, read-only access to individual calls for people outside your workspace.- Links are randomly generated and not guessable
- Links can be set to expire after a specified date
- Links can be password-protected
- Links can be revoked instantly from the call’s share settings
- Link recipients cannot access any other calls in your workspace
Anyone with the share link URL can access the call — links are not tied to a specific email address. Use password protection for sensitive calls.
Authentication
- Passwords are hashed using industry-standard algorithms (never stored in plaintext)
- Google SSO is available for organizations that prefer centralized identity management
- Sessions expire after a period of inactivity