voxaris

Trust

Security

Last updated:

Voxaris operates production AI infrastructure that handles customer data, voice calls, SMS, and CRM webhooks for service businesses. Security is treated as a product requirement, not an afterthought.

Reporting a vulnerability

Email security@voxaris.io or admin@voxaris.io. Targets: acknowledgment in 2 business days, triage in 5, critical patches in 14. See /.well-known/security.txt.

How we secure data

Encryption. TLS 1.2+ on every surface, 2-year HSTS preload, secrets in environment-scoped secret managers, never in source control.

Database. Row-level security on every multi-tenant table. Cross-tenant reads are not possible.

Voice & SMS. LiveKit Cloud + Twilio Elastic SIP. Outbound voice requires per-lead TCPA voice-consent (FCC AI-voice disclosure, Feb 2024). Outbound SMS handles STOP, HELP, and quiet hours.

Code. Builds gate on CI (build + typecheck + lint). Security-relevant changes get a second-engineer or agent review before merge.

Subprocessors

  • Vercel — hosting + edge
  • Supabase — Postgres + auth + storage
  • Neon — Postgres (audit.voxaris.io)
  • Twilio — SMS + voice telephony
  • LiveKit Cloud — voice AI media routing
  • Google Cloud — Gemini + Solar + Maps
  • Anthropic — Claude API
  • OpenAI — speech-to-text + select inference

We do not sell or rent customer data to any third party.

Acknowledgments

None yet — be the first.