Effective Date: May 14, 2026
This Security Overview summarizes AnswerKit’s baseline security posture for the Service. It is intended to provide a practical overview for customers and does not replace the Terms of Service, Privacy Policy, Data Processing Addendum, or Public Subprocessor List.
AnswerKit uses commercially reasonable administrative, technical, and organizational safeguards designed to protect the Service and Customer Data. The security program is lightweight and appropriate for an early live SaaS product. It may change as the Service evolves.
The Service may process Account information, Customer configurations, phone numbers, call metadata, live call audio streams, transcripts, summaries, support communications, and technical logs.
AnswerKit does not intentionally store full-call audio recordings in its own application database. Provider-side processing or retention may apply according to provider policies and service configuration.
Production access is limited to authorized personnel. AnswerKit uses limited administrative access controls but does not claim a formal enterprise role-based access control program unless separately stated in writing.
Customers are responsible for protecting their own Account credentials, limiting access to authorized users, and promptly reporting suspected unauthorized access.
AnswerKit uses encryption in transit for applicable Service communications.
No method of transmission, storage, or processing is completely secure, and AnswerKit does not guarantee absolute security.
AnswerKit uses logging or monitoring to help operate, secure, troubleshoot, and improve the Service. AnswerKit also maintains backups for resilience and recovery. Backup copies may persist for up to 90 days according to backup rotation.
AnswerKit maintains an incident response process. If AnswerKit confirms a Security Incident involving Customer Personal Data, it will notify affected Customers without undue delay and, where feasible, within 72 hours after confirmation.
AnswerKit reviews core Subprocessors before use. Current Subprocessors are listed in the Public Subprocessor List.
Customers are responsible for configuring the Service lawfully, providing required caller notices and consents, limiting sensitive information collection, maintaining reachable human escalation channels where appropriate, and reviewing AI Output for accuracy and appropriateness.
AnswerKit does not claim SOC 2, HIPAA, PCI, ISO 27001, or similar certification status unless expressly stated in a separate written statement from AnswerKit.
The Service is not designed for emergency response, crisis response, HIPAA-regulated workflows, payment card collection, or other regulated sensitive workflows unless expressly approved in writing.
Security questions: answerkit@pm.me