Security & Data Protection

WireBot is built for an industry where customer data is sensitive and dealer trust is everything. Security isn't a feature we added — it's how the platform was architected from day one.

Data Ownership — A Clear Split

WireBot uses a split ownership model. There's no ambiguity about who owns what.

Dealer-Owned (stays with the store)
  • ✦ Customer records and contact info
  • ✦ Voice note transcriptions and content
  • ✦ Every interaction and follow-up log
  • ✦ Sales history and activation data
  • ✦ Complete audit trail
Rep-Owned (follows the rep)
  • ✦ Close rate and performance metrics
  • ✦ XP, streaks, and milestone badges
  • ✦ Selling patterns and strengths
  • ✦ Lifetime revenue and deal count
  • ✦ WireBot reputation score

When a rep leaves, customer data stays with the dealer. The rep's personal performance history follows them to their next WireBot-using store — like a career portfolio, not a data transfer.

Multi-Tenant Isolation

Every dealer's data is completely isolated at the database level. This isn't application-layer filtering — it's enforced by PostgreSQL Row-Level Security (RLS) policies that the application cannot bypass.

Encryption

In Transit
TLS 1.3
All data encrypted between device, server, and database. No plaintext transmission, ever.
At Rest
AES-256
Customer data, voice files, and transcriptions encrypted on disk using industry-standard AES-256.
Voice Files
90-Day Auto-Purge
Audio recordings are automatically deleted after 90 days. Transcriptions and extracted data are retained.
Backups
7-Day Retention
Point-in-time recovery with 7-day history window. Your data is protected against accidental loss.

Device & Access Security

WireBot is designed for store-issued iPads — not personal phones. This is a deliberate architectural decision, not a limitation.

AI & Data Processing

WireBot uses AI for voice transcription and data extraction. Here's exactly what AI sees and doesn't see:

Data Type AI Access Status
Voice note audio (for transcription) Processed, not stored by AI provider Processed & Discarded
Transcript text (for extraction) Processed to extract customer details Processed & Discarded
SSN, credit card numbers Redacted before AI processing Blocked
Customer phone numbers Extracted and stored in dealer's tenant Dealer-Owned
Sales and commission data Never sent to AI providers Blocked

Our AI providers (Anthropic and OpenAI) do not train on customer inputs. Voice data is processed and discarded — not retained, not learned from, not shared.

SMS Compliance

Audit Trail

Every action in WireBot is logged and traceable. Customer record views, edits, follow-ups sent, SMS opt-outs, manager access — all timestamped and tied to a specific user. If a carrier or compliance review asks "who accessed this customer's data and when," the answer is one query away.

Infrastructure

Database
Neon PostgreSQL
Serverless Postgres with row-level security. AWS US East (Virginia). SOC 2 Type II certified provider.
Hosting
Vercel
Edge network with automatic SSL. SOC 2 Type II certified. DDoS protection included.
Voice Storage
Cloudflare R2
Encrypted object storage for voice files. Zero egress fees. 90-day auto-purge.
Authentication
Clerk
Enterprise-grade auth with multi-tenant org support. SOC 2 Type II certified.

Roadmap

Questions?

If you have security questions or need documentation for your compliance team, reach out at security@wirebot.app.