Security

Security is foundational to the Vortex Voice AI platform operated by EactiveNet, Inc. This page summarizes the administrative, technical, and organizational measures we use to protect the Services and the information processed through them. Our practices evolve, and we may update this page as our program matures.

1. Zero-Retention Voice Pipeline

Live call audio, real-time transcriptions, and intermediate AI outputs are processed in volatile memory only and are not written to persistent storage. When a call ends, this data is discarded. We retain only the limited metadata required for billing, fraud prevention, and service operation. This design reduces the sensitive-data footprint and supports our HIPAA posture (see HIPAA & BAA).

2. Multi-Tenant Isolation

The platform is built around strict tenant isolation. Each workspace's data, telephone numbers, knowledge base, and billing ledgers are logically separated using composite-key scoping enforced at the data-access layer, so one tenant cannot access another tenant's data.

3. Encryption

• In transit — traffic to and from the Services is encrypted using industry-standard TLS.
• At rest — persistent data stores are encrypted at rest by our infrastructure providers.
• Secrets — credentials and API keys are supplied through environment configuration and are never hard-coded into application source.

4. Access Control

• access to production systems follows the principle of least privilege;
• authentication safeguards protect customer accounts, and platform-administrator actions are auditable; and
• security-relevant events (such as sign-ins and administrative actions) are logged for monitoring and investigation.

5. Infrastructure and Subprocessors

The Services run on reputable cloud and carrier infrastructure. Our key subprocessors include our carrier partner (Telnyx), payment processor (Stripe), and compute provider (Modal), each subject to confidentiality and data-protection obligations. We rely on their physical and network security controls for the layers they operate.

6. Resilience and Monitoring

We monitor the health and security of the Services and apply abuse guardrails, rate limiting, and fraud controls to protect platform stability and your telephony spend. Because telephony depends on third-party networks, uninterrupted availability cannot be guaranteed, and the Services must not be relied upon for emergency calling.

7. Data Handling and Retention

We process personal information as described in our Privacy Policy. Knowledge-base content you upload is retained until you delete it or close your account; account and billing records are retained as required for legal and accounting purposes.

8. Responsible Disclosure

We welcome reports from the security community. If you believe you have found a vulnerability, please report it to [email protected] with enough detail to reproduce the issue. Please do not access or modify data that is not yours, degrade the Services, or publicly disclose the issue before we have had a reasonable opportunity to remediate. We will not pursue good-faith researchers who follow this guidance.

9. Incident Response

We maintain procedures to detect, investigate, and respond to security incidents. If an incident affects your data, we will notify affected customers as required by applicable law and any executed Business Associate Agreement.

10. Contact

For security questions or reports, contact [email protected], EactiveNet, Inc.