SECURITY & TRUST
How Callara protects your data
Data residency
All customer data is stored in Canada. Our primary provider is Supabase in the ca-central-1 (Montréal) region. No data leaves Canada by default.
Encryption
TLS 1.3 for all network traffic. AES-256 for data at rest. Call recordings and transcripts are encrypted on disk and signed.
Authentication
Sign-in via Supabase Auth. Two-factor authentication available. Passwords hashed with bcrypt. Short-lived sessions with token rotation.
Compliance
Loi 25 (Québec) and PIPEDA (Canada) compliant by default. Privacy Officer published. Privacy Impact Assessments for any transfer outside Québec.
Infrastructure
Application hosting on Vercel. Voice and SMS via Twilio. Database and storage on Supabase. All enterprise-grade providers with their own SOC 2 / ISO 27001 certifications.
Report a vulnerability
If you find a security issue, please email security@callara.ca