No SOC 2 marketing theater. Just what we actually do, what our vendors do, and what we don't touch. Honest answers to the security concerns most AI consultancies dodge.
Not aspirational. Not "we plan to." These are what we do today, backed by contracts with the underlying vendors and built into how we ship every project.
Our LLM vendors (Anthropic, OpenAI) contractually don't train on API data. Your call transcripts, customer info, and conversation history stay in your isolated account — never feeding someone else's model.
If a customer asks "Is this a real person?", Vidd says it's AI. Always. Built into the agent prompt as a one-strike rule. Faking humanity isn't an option we offer.
Every byte of data — call recordings, transcripts, customer info, integration tokens — encrypted with TLS in flight and AES-256 at rest. Standard across all five vendors in our stack.
One click pauses your voice agent, your automations, anything we've built. You're never locked out of your own stack. Audit logs show exactly what AI did, when, and what data it touched.
No hidden middlemen. Five enterprise vendors — all independently SOC 2 Type 2 certified — handle the actual infrastructure. You can audit their security pages directly.
Real concerns from real conversations. No corporate dance — straight answers about what AI can and can't do with your data.
Boundaries we don't cross, no matter what a client asks. The lines are the lines.
Your customer list, call recordings, transcripts, business info — all of it stays with you. We don't have a "data partner" we share anonymized info with. No exceptions, no "but the AI training is for everyone" carveout.
No "here's a real client call!" testimonials without explicit written permission, and no extracted audio in case studies. What happens on your calls stays on your calls.
If a customer asks Vidd "Is this a real person?", the answer is that it's AI. Always. One-strike rule. Faking humanity is the fastest way to destroy customer trust, and we won't take that risk with your business.
Every workflow we ship — voice agent, automation, dashboard — has a one-click pause. You're the operator. If anything ever feels off, you turn it off. We fix what's broken before turning it back on.
Specific compliance frameworks where we're already aligned. If you need something not listed, ask — we'll tell you honestly if we can support it.
Massachusetts (and 10+ other all-party states) requires both sides to consent to call recording. Vidd discloses recording at the start of every call — built into the agent prompt as a default. Compliant out of the box.
We don't process, store, or transmit payment card data — ever. Voice agents don't capture credit cards. When customers want to pay, they're transferred to your existing PCI-compliant payment processor. You stay in scope, we stay out.
You can request deletion of any customer data, call recording, or transcript at any time. 30-day fulfillment standard. Aligned with GDPR / CCPA data subject request workflows even when not strictly required.
Email David directly. Real answer back, no marketing fluff. If we can't do what you need, we'll tell you that too.