Data Protection
We employ rigorous encryption standards to protect data throughout its lifecycle.
Encryption in Transit
All data transmitted between your clients, your users, and our servers is encrypted using TLS 1.2+ (Transport Layer Security). This includes:
- API requests.
- WebSocket connections for real-time audio.
- Dashboard access.
Encryption at Rest
Sensitive data stored in our databases and file storage systems is encrypted at rest using AES-256 encryption. This applies to:
- Call recordings and transcripts.
- Knowledge base documents.
- API keys and secrets.
Access Control
Our platform is built with strict multi-tenancy and Role-Based Access Control (RBAC) to ensure data isolation.
Role-Based Access Control (RBAC)
We enforce granular permissions to limit access based on user roles:
- Admin: Full access to organization settings, billing, and team management.
- Agent Manager: Can create and edit agents, tools, and knowledge bases but cannot modify billing or invite users.
- Viewer: Read-only access to call logs and analytics.
Data Isolation
Every API request requires an X-Organization-Id header. Our application logic enforces strict tenant isolation, ensuring that users can only access data belonging to their specific organization.
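One way a server can combine the header check and the roles described above, shown as an added example that is not Butter AI's code. The role names and the X-Organization-Id header come from this page; the permission strings, `Principal`, `decide()` and the sample organizations are hypothetical.

```python
# Added example: tenant isolation plus RBAC on one request.
# Role names and the X-Organization-Id header come from the page; the
# permission strings, Principal and decide() are hypothetical.
from dataclasses import dataclass

ROLE_PERMISSIONS = {  # assumed mapping of the page's role descriptions
    "Admin": {"settings:write", "billing:write", "team:manage",
              "agents:write", "tools:write", "kb:write",
              "calls:read", "analytics:read"},
    "Agent Manager": {"agents:write", "tools:write", "kb:write"},
    "Viewer": {"calls:read", "analytics:read"},
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    memberships: dict  # org_id -> role, loaded server-side for the authenticated user

def decide(principal, headers, permission, resource_org_id):
    """Return (allowed, reason). The header only selects a tenant; it proves nothing."""
    # HTTP header names are case-insensitive.
    org_id = next((v.strip() for k, v in headers.items()
                   if k.lower() == "x-organization-id"), "")
    if not org_id:
        return False, "missing X-Organization-Id"
    # The claimed org must be one the authenticated user actually belongs to.
    role = principal.memberships.get(org_id)
    if role is None:
        return False, "not a member of requested organization"
    if permission not in ROLE_PERMISSIONS.get(role, set()):
        return False, "role lacks permission"
    # The object being touched must belong to the same tenant as the request.
    if resource_org_id != org_id:
        return False, "resource belongs to another organization"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample data.
    alice = Principal("u-alice", {"org-a": "Agent Manager", "org-b": "Viewer"})
    print(decide(alice, {"X-Organization-Id": "org-a"}, "agents:write", "org-a"))
    print(decide(alice, {"x-organization-id": "org-c"}, "calls:read", "org-c"))
    print(decide(alice, {"X-Organization-Id": "org-a"}, "billing:write", "org-a"))
    print(decide(alice, {"X-Organization-Id": "org-b"}, "calls:read", "org-a"))
```

The header value is client-supplied, so the check binds it to the authenticated user's memberships and to the owner of the resource before any role permission is honoured.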
Infrastructure Security
Butter AI is hosted on top-tier cloud providers (AWS) that maintain state-of-the-art physical and network security.
- VPC Isolation: Our compute resources run within a Virtual Private Cloud (VPC), isolated from the public internet where possible.
- Least Privilege: Our internal services operate with the principle of least privilege, accessing only the resources necessary to perform their function.
- Regular Updates: We regularly patch and update our infrastructure to protect against known vulnerabilities.
Compliance Certifications
Butter AI is not currently SOC 2, HIPAA, or ISO 27001 certified.