Trust · Security · Compliance

Security at every layer.

Carrier-grade infrastructure, encryption in transit and at rest, third-party audits every quarter, and a security team you can actually email.

  • 99.99%: Contracted uptime
  • SOC 2: Type II · annual
  • ISO 27001: Information security
  • AES-256: Data at rest

How we protect you

Four pillars. No corner cut.

We treat security the way we treat the carrier network underneath Rozper — as critical infrastructure, monitored every second, audited by people who don't work for us.

Encryption everywhere

All voice, video, messaging, and signalling are protected with TLS 1.3 in transit and AES-256 at rest. Media is encrypted leg-by-leg with SRTP; keys rotate automatically.

  • TLS 1.3 for every API and signalling path
  • SRTP for RTP media, with key rotation
  • AES-256 envelope encryption for stored data
  • Customer-managed keys (BYOK) on Enterprise

Carrier-grade infrastructure

We run our own redundant points-of-presence across three regions, with active-active failover, isolated tenant data, and continuous health checks at the carrier layer.

  • Multi-region active-active
  • Per-tenant logical isolation
  • 24/7 NOC with live engineer on-call
  • DDoS protection at the edge

Access controls

Least-privilege by default. Every customer admin can enforce SSO, SCIM, granular roles, and session policies — and every internal Rozper action is audited.

  • SAML 2.0 SSO + SCIM provisioning
  • Granular roles & scoped API keys
  • Mandatory MFA for all staff
  • Full audit trail, 13-month retention

Continuous assurance

Third-party assessors test our controls every quarter. Penetration tests, vulnerability scans, and red-team exercises feed back into the platform on a fixed cadence.

  • Quarterly external pen tests
  • Weekly dependency & container scans
  • Bug bounty program (in-scope reports)
  • Internal red-team exercises

Compliance & audits

Certified, in writing.

Request our latest reports through your account team. Audit packs include the controls matrix, executive summary, and the pen-test letter.

  • SOC 2 Type II: Annual report, available under NDA.
  • ISO 27001: Information security management.
  • ISO 27017: Cloud-specific security controls.
  • ISO 27018: PII protection in cloud services.
  • HIPAA · BAA: Available for Enterprise customers.
  • GDPR · UK GDPR: DPA + SCCs on request.
  • PCI DSS · SAQ-A: For card-handling integrations.
  • CCPA / CPRA: California consumer rights.

Sub-processors

Who touches your data.

The short list. The full register, with regions and contract tiers, is in the customer console.

Provider | Purpose | Region
AWS | Compute & storage | US · EU · APAC
Cloudflare | Edge & WAF | Global
Twilio Networking | Number inventory | Global
Stripe | Billing & payments | US · EU

Data residency

Pick a region. Stay there.

Choose where your tenant lives at signup. Recordings, transcripts, and CDRs are pinned to that region — including backups.

  • US, EU, and APAC regions
    Active-active across three AZs each. Pinning is enforced at the storage layer, not just the routing layer.
  • On-prem session border control
    Optional. Customer-deployed SBC for regulated traffic patterns.
  • Tenant-level encryption keys
    BYOK with AWS KMS, GCP KMS, or HashiCorp Vault on Enterprise.

Responsible disclosure

Found something? Tell us first.

We'd rather hear from you than read about it. Send vulnerabilities to security@rozper.com with a clear reproduction, your contact details, and any requested redactions. We respond within one business day, fix first, then coordinate public disclosure.