Security FAQs

Dialpad protects your business and customer communications with enterprise-grade security that’s built right in. 

Let's go over some common security questions.

Are there session timeouts?

Yes - sessions are timed out after 30 days for Dialpad.com and the desktop apps (Mac, Windows, Chrome). The same is true for both mobile apps (iOS and Android) as long as the app isn't forcibly shut down. 

If that does happen, the session restarts at 0 the next time the app is restarted.

Is Diapad HIPAA Compliant?

Yes, we are HIPAA-ready. Healthcare industry customers can sign a Business Associate Agreement (BAA)with one click to get up and running. For additional details, check out Dialpad's HIPAA Compliance Datasheet.

Is Dialpad GDPR Compliant? 

Dialpad helps organizations meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and individual consent mechanisms. Dialpad customers can sign a Data Processing Agreement (DPA)that addresses GDPR and beyond.

What about ISO standards?

Dialpad’s infrastructure and processes are annually certified against ISO 27001:2013 (Information security management), ISO 27017:2015(Information Security in the cloud), and ISO 27018:2019 (PII for public cloud processors).

Can I set data retention policies?

Absolutely! Dialpad Users can set their own retention policies to remove, archive, or anonymize data on a custom time interval.

Dialpad company customers and end-users may file Data Subject Access Requests for disclosure, export, and deletion at the Dialpad DSAR Portal.

Where and how is my data stored?

All permanent customer data, such as contact lists, call records, recordings, and transcripts, is stored in the United States via Google Cloud Platform, and backed up daily. Transient customer data through Dialpad's data centers is held for no more than 72 hours.

Are Dialpad integrations secure?

Native authentication and authorization mechanisms are used for the integrations built with our partners to ensure that permissions and data are accessed through verified protocols such as OAuth. Dialpad also gives customers control to manage the integrations to turn on and off data or permission access at the source. Furthermore, Dialpad goes through regular security reviews of its integrations with providers such as Google and SalesForce to be listed on the providers’ application directories.

How does Dialpad protect us from web application hacks?

Quarterly penetration tests are run by an independent third-party tester on our new features and products to test against web application attacks, such as those identified within the OWASP Top 10. Dialpad also enables security scanners and security checks in continuous integration pipelines to ensure that common web application attacks are mitigated prior to deploying new releases. Dialpad also implements technical controls such as rate-limiting to protect against unauthorized traffic attacks.