Security at tnyvoice

Enterprise-grade security for every organization

SOC 2 Type IGDPR CompliantCCPA Ready256-bit Encryption

Security First Architecture

Built with security as a core principle, not an afterthought

End-to-End Encryption

TLS 1.3 in transit, AES-256 at rest

Data Isolation

Row-level security for all data

Secure Infrastructure

Hosted on Vercel & Supabase

Data Protection

Encryption Standards

TLS 1.3 for all data in transit
AES-256-GCM encryption at rest
Encrypted database backups
Secure key management (HSM)

Data Isolation

Row-level security (RLS) enforced
Tenant isolation at database level
Separate encryption keys per account
API key scoping and permissions

Access Control

Authentication

• Magic link authentication (passwordless)
• Multi-factor authentication (coming Q1 2026)
• Session timeout after 7 days
• Secure token generation and storage

Authorization

• Role-based access control (RBAC)
• API key permissions and scoping
• Admin vs member permissions
• Audit logs for all admin actions

Infrastructure Security

Edge Network

Deployed on Vercel's global edge network with DDoS protection and automatic SSL

Database Security

Supabase managed PostgreSQL with automatic backups and point-in-time recovery

Network Security

WAF protection, rate limiting, and IP allowlisting capabilities

Compliance & Certifications

Current Compliance

GDPREU Data Protection

CCPACalifornia Privacy Rights

SOC 2 Type ISecurity & Availability

Coming Soon

SOC 2 Type IIQ2 2026

ISO 27001Q3 2026

HIPAA2027

Security Practices

Development Security

•Secure coding practices and code reviews
•Dependency scanning and updates
•Static and dynamic security testing
•Security training for all developers

Operational Security

•24/7 monitoring and alerting
•Incident response procedures
•Regular security audits
•Penetration testing (quarterly)

Security Incident Response

In the unlikely event of a security incident, we commit to:

• Notify affected users within 72 hours
• Provide detailed incident reports
• Take immediate remediation actions
• Conduct post-incident reviews

Report Security Issues

Found a security vulnerability? We appreciate responsible disclosure.

[email protected]

PGP Key

Download our PGP key for encrypted communication

Security Questions?

Our security team is here to answer any questions about our practices and compliance.

Contact Security Team Security Documentation