Security & Compliance
Enterprise-grade security protecting your data
Multi-Layer Security Architecture
BizRnr implements a comprehensive security strategy with multiple layers of protection, from data encryption to access controls, ensuring your sensitive business data remains secure.
Encryption Layer
End-to-end encryption for data in transit and at rest using industry-standard AES-256
Access Control
Role-based access control (RBAC) with row-level security policies
Authentication
Secure cookie-based sessions with Supabase SSR authentication
Data Encryption
In Transit
- TLS 1.3 encryption for all API communications
- HTTPS-only connections enforced
- Secure WebSocket connections for real-time data
- Certificate pinning for API endpoints
At Rest
- AES-256 encryption for database storage
- Encrypted backups with separate key management
- Secure storage of API keys and credentials
- Call recordings encrypted in cloud storage
Compliance & Standards
GDPR Ready
Built with European data protection regulations in mind
- Right to access personal data
- Right to data portability (export)
- Right to erasure (delete contacts)
- Data minimization principles
HIPAA Considerations
Healthcare-ready architecture with appropriate safeguards
- Encrypted data storage and transmission
- Access controls and audit logs
- Secure backup and disaster recovery
- Business Associate Agreements available
Trusted Third-Party Integrations
BizRnr integrates with industry-leading service providers that maintain the highest security and compliance standards:
ElevenLabs (Voice AI)
- SOC 2 Type II certified
- ISO 27001 compliant
- GDPR compliant
- Enterprise-grade voice encryption
Twilio (SMS Gateway)
- SOC 2 Type II certified
- ISO 27001 compliant
- HIPAA eligible infrastructure
- PCI DSS Level 1 Service Provider
By partnering with SOC 2 Type II and ISO 27001 certified providers, BizRnr ensures your voice and messaging data is handled with the highest security standards in the industry.
Privacy & Do Not Call Compliance
BizRnr is committed to respecting consumer privacy and adhering to Do Not Call (DNC) regulations.
DND/DNC Protection
- Automatic filtering: Contacts marked as DND/DNC are automatically excluded from all outbound calling campaigns
- Zero tolerance: DND contacts are never queued for calls, even when selected in batch operations
- Easy management: Simple toggle to mark contacts as Do Not Disturb with visual indicators
- Audit trail: All DND changes are logged for compliance verification
Opt-Out Mechanisms
- Instant opt-out: Contacts can request to be added to the DNC list during AI calls
- SMS opt-out: Automatic handling of STOP and UNSUBSCRIBE keywords in messages
- Permanent records: DND status persists across all campaigns and imports
- Bulk import protection: DND status checked during CSV imports to prevent accidental calls
Your responsibility: While BizRnr provides robust DNC protection tools, you are responsible for maintaining compliance with local Do Not Call regulations, including maintaining your own DNC lists and honoring opt-out requests. BizRnr respects all DND flags you set on contacts.
Security Best Practices
Strong Passwords
Minimum 8 characters with complexity requirements enforced
Webhook Verification
HMAC-SHA256 signature verification on all incoming webhooks
Regular Backups
Automated daily backups with 30-day retention
Audit Logging
Comprehensive logs of all user actions and API calls
Rate Limiting
API rate limits prevent abuse and DDoS attacks
Secure Infrastructure
Hosted on enterprise-grade cloud infrastructure
Report Security Issues
If you discover a security vulnerability, please report it responsibly. We take security seriously and will respond to all legitimate reports promptly.