Security

Security at Voiceflow

Our top priority is delivering a performant platform that keeps customer data safe and end-user interactions secure.

Platform security

Secure and scalable agents

Teams trust Voiceflow to build and deploy AI automation use cases securely and at scale.

Reliability

Enterprise-grade reliability with 24x7 monitoring, multi-AZ cloud infrastructure, and annually tested disaster recovery. Built on AWS and GCP with isolated environments and Infrastructure as Code for consistent, resilient operations.

Security

Strong security foundations with encrypted credential storage (bcrypt), audit logging and alerting, granular access controls, continuous updates, and full project history tracking with rollback capability.

Data

Data is protected with strong encryption at rest using customer-managed keys, securely backed up across regions, and stored in highly available multi-AZ databases with point-in-time recovery.

Network

Network security is enforced through a CDN-backed WAF and DDoS protection, end-to-end encryption in transit with TLS and mTLS, and a segmented, firewalled architecture that strictly controls service-to-service communication.

Organizational

Organizational security is reinforced through employee background checks, ongoing security training, least-privilege access controls, comprehensive audit logging, and regularly tested business continuity and disaster recovery plans.

Application

Application security is maintained through automated and manual code reviews, continuous vulnerability scanning, regular external penetration testing, and enterprise-grade access controls including SSO.

Aerial view of textured sand dunes with shadows creating wave-like patterns.

Security

Purpose-built for enterprise scale

Delivering a powerful platform that keeps customer data safe and end-user interactions secure.

SOC-2 Type II

Excellence from design to operation: data privacy, processing integrity, and confidentiality stay top of mind.

Dark circular badge with text 'ISO 27001: 2022' in white.

ISO/IEC 27001:2022

The highest organizational standards for information security management, ensuring your data stays private.

GDPR Compliant

Personal data remains personal. Advanced user permissions lets users define handling procedures.

White medical caduceus symbol above the acronym HIPAA on a dark circular background.

HIPAA Compliant

Safeguarded systems designed to keep protected health information (PHI) secure.

Bug bounty

Voiceflow bug bounty

If you discover a potential security vulnerability, please email [email protected]. Eligible submissions may qualify for our bug bounty program.

Voiceflow values the contributions of the security research community in helping us maintain a safe and secure platform. We provide safe harbor for good-faith security research conducted in accordance with this Vulnerability Disclosure Policy. This means that if you comply with the guidelines set forth in this policy, Voiceflow will not initiate legal action against you under the Computer Fraud and Abuse Act (CFAA), the Digital Millennium Copyright Act (DMCA), or similar laws in other jurisdictions. We ask that you refrain from publicly disclosing any potential vulnerability until our security team has had the opportunity to review and address it.