Security at Voiceflow

Our top priority is delivering a performant platform that keeps customer data safe and end-user interactions secure. Our focus is reliability at scale, while meeting or exceeding industry security expectations.

Security and compliance trusted by the Fortune 500 across every industry.

BMW LogoGoogle LogoMotorola LogoSpotify Logo
BMW LogoGoogle LogoMotorola LogoSpotify Logo


ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes

View live compliance monitoring

Voiceflow is SOC-2 compliant.

View live compliance monitoring

Voiceflow is GDPR compliant.

View live compliance monitoring


● 24x7x365 system server monitoring and on-call support from dedicated cloud-ops team
● Infrastructure hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP)
● Annually tested business continuity and disaster recovery (DR) plans
● Separate production and testing environments
● Multi-availability zone (AZ) compute instances
● Infrastructure as Code (IaaC) management of cloud resources to ensure repeatable and reliable changes.

Security features

● Voiceflow follows secure credential storage best practices by storing passwords using one-way hash encrypted passwords (BCRYPT)
● Audit logging and event alerting
● Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovation
● Project history tracking and rollback capability
● User-managed workspace access control to govern sharing privileges
● Application audit log that includes security events such as user logins or configuration changes.

Data security

● Encryption-at-rest with AWS/GCP KMS customer-managed keys (AES-256)
● Geographically distributed and encrypted offsite backups
● Fully managed multi-AZ database instances with point-in-time-restore (PITR)

Network security

● A CDN-based Web Application Firewall (WAF) and (D)DOS mitigation technologies
● Encryption-in-transit using industry-standard TLS v1.2+ to ensure that all traffic between users and Voiceflow is secure.
● All cloud-internal traffic is encrypted with mTLS with short-lived per-application certificates.
● Tiered, firewalled, and segmented network infrastructure to ensure that communication between Voiceflow services is strictly controlled.

Organizational security

● Employee background and reference checks in accordance with local laws.
● Annual employee security awareness training covers topics such as data privacy, information security, and password security.
● Principle-of-least-privilege implemented across the organization for both information and resource access.
● Audit logging of all cloud resources

Application security

● Automated vulnerability analysis via network, host, and application scans.
● Code assessment through both automated and manual review processes governed by Voiceflow's document Software Development Life Cycle (SDLC) policy.
● Annual external penetration testing on primary public-facing endpoints.
● Single Sign-On (SSO) support for enterprise users


If you believe you've discovered a security-related issue or would like to learn more about Voiceflow's security practices, please contact us at

Adam Loo
Head of Legal and Compliance
Voiceflow, Inc.
Toronto, Canada


Build AI agents securely with
Voiceflow Enterprise

Voiceflow helps enterprise product teams securely build, test, launch, and manage conversational AI agents at scale for any use case.

Discover Enterprise

SSO and user controls

Secure and manage work across you organization with SSO and advanced user permissions.

checkbox icon

Security, contracts, and compliance

Meet strict compliance and security needs alongside custom contracting and SLAs.

Training and account management

From implementation support to hands-on training, we're here to offer personalized help.

Unlimited product access and betas

Receive unlimited Voiceflow feature access and invites to view and participate in Voiceflow beta features and our roadmap.

"Within one week of using Voiceflow for IVR user testing, we scaled the number of tests run from 12 to 300 - all in 50% of the time."

Sr. UX Designer, The Home Depot