Security Overview

At Rexpt, security is foundational to how we build and operate our Voice AI platform. We understand that you're trusting us with your business communications, and we take that responsibility seriously.

This page provides an overview of the security measures we implement to protect your data.

Encryption

Your data is encrypted both in transit and at rest.

Protection	Standard
Data in Transit	TLS 1.3 encryption for all connections
Data at Rest	AES-256 encryption for stored data
Call Recordings	Encrypted storage with access controls
Backups	Encrypted with separate key management

Infrastructure

We host our platform on industry-leading cloud providers with robust security certifications.

Hosted on Google Cloud Platform (GCP) and Amazon Web Services (AWS)

Our cloud providers maintain SOC 2 Type II, ISO 27001, and other certifications

Data centers feature physical security, redundant power, and environmental controls

Automatic failover and geographic redundancy for high availability

Authentication & Access

We implement strong authentication controls to protect your account.

Email with One-Time Password (OTP) verification

Single Sign-On (SSO) via Google, Apple, Facebook, and Microsoft

Maximum 3 concurrent sessions per account

Sessions expire after 24 hours of inactivity

Role-based access control (Owner, Admin, Manager, Viewer)

New device login notifications via email

Data Protection

We implement multiple layers of protection for your data.

Measure	Description
Access Controls	Role-based permissions with least-privilege principle
Audit Logging	All access and changes are logged
Data Isolation	Customer data is logically separated
Secure Development	Security reviews and testing in our development process
Fraud Prevention	Automated detection of suspicious activity

Data Retention

We retain your data only as long as necessary and provide clear deletion timelines.

Data Type	Retention Period
Call Recordings	90 days, then automatically deleted
Call Transcripts	90 days, then automatically deleted
Account Data	Duration of subscription + 30 days
After Account Deletion	All data deleted within 7 days

You can request early deletion of your data at any time by contacting support.

Compliance

We design our platform with privacy regulations in mind.

GDPR Ready: Data Processing Agreement (DPA) available for EU customers

CCPA Compliant: California privacy rights supported

HIPAA: Business Associate Agreement (BAA) available for healthcare customers

TCPA: Call recording disclosures and consent mechanisms

Availability

We design for high availability to keep your AI agents running.

99.5% uptime target for SMB customers

99.9% uptime target for Enterprise customers (with SLA)

Redundant systems and automatic failover

Regular backups with tested recovery procedures

Vulnerability Disclosure

We appreciate the work of security researchers in helping us keep Rexpt secure.

Reporting a Vulnerability

If you discover a security vulnerability in our platform, please report it to us responsibly:

Email: legal@rxpt.us

Subject line: "Security Vulnerability Report"

Include detailed steps to reproduce the issue

Allow us reasonable time to investigate and fix before public disclosure

What to Include

Description of the vulnerability

Steps to reproduce

Potential impact

Any supporting evidence (screenshots, logs)

Our Commitment

We will acknowledge your report within 48 hours

We will keep you informed of our progress

Contact

For security-related inquiries or to report a vulnerability:

Email: legal@rxpt.us
For general support: support@rxpt.us

We aim to respond to all security inquiries within 48 hours.