Trust at Dialpad
Protecting customer data and communications
Role-based access model
From single sign-on capabilities to automated user provisioning, Dialpad offers integrations for access management via SAML and SCIM from providers like Azure, GSuite, OneLogin, Okta, and more.
Reach out to our sales team to inquire about our full vendor list.
Dialpad allows admins to control which teams and individuals have access to certain features from a company, office, department, or user level. Granular permission levels can also be assigned for integrations across the platform.
See additional details on access management settings here.
Communications across Dialpad applications are encrypted using modern security standards. Calls over the VoIP network, as well as in transit web requests are encrypted using TLS and application data that is permanently stored at rest uses AES 256-bit within Google Cloud Platform.
To read more about our encryption practices see here.
SOC2® Type II
Dialpad is SOC2® Type II compliant. We have performed a third-party audit to certify that we have implemented controls that are designed and operate effectively to meet the objectives of the AICPA Trust Services Principles. To obtain a copy of the report reach out to our sales team.
GDPR and Privacy Shield
Dialpad helps organizations to meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and individual consent mechanisms. Dialpad offers customers a Data Protection Agreement (DPA). Dialpad is also Privacy Shield compliant. Please see Dialpad’s Privacy Shield Status here.
Dialpad is a member of the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR). Dialpad has completed the Consensus Assessment Initiative Questionnaire (CAIQ) and has posted the results within the registry. The completed questionnaire can be found here.
Most Dialpad products, including UberConference, can be used compliantly by healthcare industry customers once a Business Associate Agreement has been signed with Dialpad. For additional details for how we can help you meet the Privacy and Security Rule Requirements see Dialpad's HIPAA Compliance Datasheet.
Security helpdesk articles
Preparing for GDPR Compliance
“This Call is Being Recorded” - When and How to Notify Your Customers
Frequently Asked Questions
Can Dialpad help us meet PCI compliance requirements?
Dialpad offers two options to customers in order to help them maintain their PCI Compliance.
Option 1: Agents have the capability to pause their recordings in order to take payments data over a call
Option 2: Dialpad offers an API to programmatically stop/restart recordings for users based on actions taken in payment systems.
Are Dialpad’s integrations secure?
Native authentication and authorization mechanisms are used for the integrations built with our partners to ensure that permissions and data are accessed through verified protocols such as OAuth. Dialpad also gives customers control to manage the integrations to turn on and off data or permission access at the source. Furthermore, Dialpad goes through regular security reviews of its integrations with providers such as Google and SalesForce to be listed on the providers’ application directories.
Does Dialpad protect against spam calls?
Call blocking and spam prevention features are provided to each user. Dialpad also performs spam recognition and gives capabilities for users to block callers with high spam scores. See the following page for additional details
How does Dialpad protect against web application attacks?
Quarterly penetration tests are run by an independent third party tester on our new features and products to test against web application attacks, such as those identified within the OWASP Top 10. Dialpad also enables security scanners and security checks in continuous integration pipelines to ensure that common web application attacks are mitigated prior to deploying new releases.