Every call processed through Resonera.ai contains sensitive personal data — voice recordings, transcripts, and caller information. Here is exactly how we protect it.
Last updated: June 19, 2026
Built for call recording security
Resonera.ai processes voice call recordings, transcripts, and AI-derived analytics that constitute Sensitive Personal Data or Information (SPDI) under the IT (SPDI) Rules 2011. We apply strict technical and organisational controls to protect this data in compliance with the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023.
Call recordings and transcripts are among the most sensitive data we handle. We protect them with:
Audio in Transit
Audio at Rest
Retention Controls
Access to Recordings
All data processed by Resonera.ai is encrypted throughout its lifecycle:
We enforce strict access controls to protect personal data and call records:
Cloud Hosting
Call recordings are stored in the AWS Mumbai (ap-south-1) region. Some AI processing (speech and language models) occurs with providers outside India under contractual safeguards — see our Privacy Policy.
Network Isolation
Production, staging, and development environments are fully isolated. VPC with private subnets for data processing layers.
DDoS Protection
Layer 3/4/7 DDoS mitigation active on all public-facing infrastructure including voice ingress endpoints.
Firewall Controls
Strict ingress/egress rules with default-deny posture. Only explicitly permitted traffic is allowed.
Patch Management
Operating system and dependency patches applied within 14 days of release for critical vulnerabilities, 30 days otherwise.
Secure Boot
All compute instances use verified boot to detect tampering at startup.
We maintain comprehensive audit trails for all access to personal data and call records:
Our security practices are designed to meet or exceed the requirements of:
We maintain a documented incident response procedure with defined response times:
Detection & Classification
Automated systems detect potential security events in real-time. All alerts are triaged within 1 hour.
Containment & Remediation
Affected systems are isolated immediately. Root cause analysis begins within 4 hours of detection.
Notification
Data breach notification to affected Platform Customers within 72 hours of confirmation, as required by the DPDP Act 2023 and IT Act 2000.
We use a vetted set of sub-processors for telephony, speech-to-text, AI language models, text-to-speech, cloud hosting, authentication, and payments. All sub-processors are bound by contractual data-processing terms that require appropriate security standards. The named list of sub-processors is published in our Privacy Policy, and an up-to-date list is available to Platform Customers on request at [email protected].
If you discover a security vulnerability in the Resonera.ai platform, please report it immediately to our security team. We follow responsible disclosure principles and will acknowledge your report within 24 hours.
Security Contact
Email: [email protected] · Response: within 24 hours
Please include: description of the vulnerability, steps to reproduce, potential impact, and your contact information.
Our security controls are aligned with the IT (SPDI) Rules 2011 and DPDP Act 2023. This page was last updated on June 19, 2026. Security practices are reviewed periodically. This page describes our security approach and is not a binding warranty.