Security & Data Protection
WireBot is built for an industry where customer data is sensitive and dealer trust is everything. Security isn't a feature we added — it's how the platform was architected from day one.
Data Ownership — A Clear Split
WireBot uses a split ownership model. There's no ambiguity about who owns what.
Dealer-Owned (stays with the store)
- ✦ Customer records and contact info
- ✦ Voice note transcriptions and content
- ✦ Every interaction and follow-up log
- ✦ Sales history and activation data
- ✦ Complete audit trail
Rep-Owned (follows the rep)
- ✦ Close rate and performance metrics
- ✦ XP, streaks, and milestone badges
- ✦ Selling patterns and strengths
- ✦ Lifetime revenue and deal count
- ✦ WireBot reputation score
When a rep leaves, customer data stays with the dealer. The rep's personal performance history follows them to their next WireBot-using store — like a career portfolio, not a data transfer.
Multi-Tenant Isolation
Every dealer's data is completely isolated at the database level. This isn't application-layer filtering — it's enforced by PostgreSQL Row-Level Security (RLS) policies that the application cannot bypass.
- Every table has a tenant_id. Every query is scoped to the authenticated dealer's tenant. There is no "SELECT * FROM customers" without a tenant boundary.
- Even if our code has a bug, your customers cannot appear in another dealer's query. The database itself enforces the boundary, not our application logic.
- Separate database roles: The application connects with a restricted role that cannot bypass RLS. Administrative operations use a separate, audited role.
Encryption
In Transit
TLS 1.3
All data encrypted between device, server, and database. No plaintext transmission, ever.
At Rest
AES-256
Customer data, voice files, and transcriptions encrypted on disk using industry-standard AES-256.
Voice Files
90-Day Auto-Purge
Audio recordings are automatically deleted after 90 days. Transcriptions and extracted data are retained.
Backups
7-Day Retention
Point-in-time recovery with 7-day history window. Your data is protected against accidental loss.
Device & Access Security
WireBot is designed for store-issued iPads — not personal phones. This is a deliberate architectural decision, not a limitation.
- Store-device only. No customer data on personal devices. What happens in the store stays in the store.
- Shift-based sessions. Reps log in at the start of their shift and are automatically logged out when the session ends. No persistent access.
- Zero local caching. Customer data is never stored on the device. Everything lives server-side behind authentication.
- Role-based access. Reps see their customers. Managers see their store. Owners see all stores. Nobody sees more than they should.
AI & Data Processing
WireBot uses AI for voice transcription and data extraction. Here's exactly what AI sees and doesn't see:
| Data Type |
AI Access |
Status |
| Voice note audio (for transcription) |
Processed, not stored by AI provider |
Processed & Discarded |
| Transcript text (for extraction) |
Processed to extract customer details |
Processed & Discarded |
| SSN, credit card numbers |
Redacted before AI processing |
Blocked |
| Customer phone numbers |
Extracted and stored in dealer's tenant |
Dealer-Owned |
| Sales and commission data |
Never sent to AI providers |
Blocked |
Our AI providers (Anthropic and OpenAI) do not train on customer inputs. Voice data is processed and discarded — not retained, not learned from, not shared.
SMS Compliance
- TCPA compliant from Day 1. Every outbound message requires documented customer consent.
- Opt-in confirmation. Customers receive an initial text confirming their consent with clear opt-out instructions.
- Quiet hours enforced. No messages before 8 AM or after 9 PM in the customer's local timezone.
- STOP always works. Customers can opt out at any time by replying STOP. Opt-outs are processed immediately and permanently.
- 10DLC registered. WireBot uses registered Application-to-Person (A2P) messaging for maximum deliverability and carrier compliance.
- Per-rep phone numbers. Each rep gets their own dedicated number — customers text back to a real person, not a faceless brand.
Audit Trail
Every action in WireBot is logged and traceable. Customer record views, edits, follow-ups sent, SMS opt-outs, manager access — all timestamped and tied to a specific user. If a carrier or compliance review asks "who accessed this customer's data and when," the answer is one query away.
Infrastructure
Database
Neon PostgreSQL
Serverless Postgres with row-level security. AWS US East (Virginia). SOC 2 Type II certified provider.
Hosting
Vercel
Edge network with automatic SSL. SOC 2 Type II certified. DDoS protection included.
Voice Storage
Cloudflare R2
Encrypted object storage for voice files. Zero egress fees. 90-day auto-purge.
Authentication
Clerk
Enterprise-grade auth with multi-tenant org support. SOC 2 Type II certified.
Roadmap
- SOC 2 Type II: Controls documented and in practice. Formal audit planned post-pilot phase.
- Data Processing Addendum (DPA): Available for dealers who require one. Standard template with wireless-specific terms.
- Zero Data Retention (ZDR): Available for enterprise dealers who want to eliminate the standard AI provider retention window entirely.
- Self-hosted transcription: For dealers who want voice data to never leave their network. Runs on consumer hardware.
Questions?
If you have security questions or need documentation for your compliance team, reach out at security@wirebot.app.