Security & Privacy

Your data is yours. Full stop.

We never sell it. Never train on it. Never share it. And when you leave, you take every byte with you.

πŸ”’ Data security overview
$$$
πŸ“ž
πŸ“…
πŸ“„
πŸ”
πŸ”‘
AES-256 encryption at restActive
πŸ›‘
TLS 1.3 in transitActive
βœ“
SOC 2 Type II certifiedVerified

What we commit to. In plain English.

πŸ”’

We never sell your data

Your customer list, your financials, your call recordings, none of it is ever sold, licensed, or shared with advertisers or third parties. Ever.

πŸ€–

We never train on your data

Your business data is never used to train models, ours or anyone else’s. What happens in your business stays in your business.

πŸ“¦

You can take it with you

Request a full export of all your data at any time. Cancel Operator and everything comes with you, no data held hostage, no extraction fees.

πŸ‘

Read-only financial access

Operator connects to your bank accounts via Plaid, read-only. We can see transactions to categorize them. We cannot move money without your explicit approval.

πŸ—‘

Delete everything, anytime

One request wipes all your data from our systems within 30 days. Call recordings, customer history, financials, all gone. No backup copies retained.

πŸ”

Bank-grade encryption

AES-256 encryption at rest. TLS 1.3 in transit. The same standard used by banks, hospitals, and the federal government.

SOC 2 Type IIAES-256 EncryptionTLS 1.3Plaid Read-OnlyAWS GovCloudGDPR Ready

Exactly what Operator can and can’t see

No surprises. Here’s the full data access map.

Data type
Operator can see
Operator can do
Call recordings
βœ“ Transcripts only (you can disable)
Extract info, train knowledge base
Bank transactions
βœ“ Read-only via Plaid
Cannot move money
Customer data
βœ“ Name, phone, history
Book, follow up, invoice
Payroll details
βœ“ Hours and rates you input
Calculate and submit via Gusto
Passwords & logins
Never stored
Not applicable
SSN / tax ID
Never requested
Not applicable

Built on infrastructure you can trust

We don’t build our own security stack. We use the same vendors that power banking, healthcare, and government systems.

AWS (Amazon Web Services)

All data hosted on AWS US-East. The same infrastructure used by the CIA, the NHS, and every major US bank. SOC 1, 2, and 3 certified.

Plaid (financial connections)

Read-only bank connectivity used by 8,000+ apps including Venmo and Robinhood. Your bank login never touches Operator’s servers.

Stripe (payment processing)

PCI DSS Level 1 certified. The payment infrastructure behind Shopify, Lyft, and DoorDash. Card data never stored on Operator systems.

Twilio (phone & messaging)

HIPAA-compliant voice and SMS infrastructure used by healthcare providers, banks, and governments in 180+ countries.

Questions? We’ll answer them directly.

Talk to a real person about how we handle your specific data needs.

Contact security team β†’