Trust Center

1. Compliance & reports

• SOC 2 Type II audited annually with report available under NDA.
• GDPR-ready processing with DPA available upon request.
• Security controls cover encryption, access governance, and monitoring.

2. HIPAA & BAA

Reach Central offers HIPAA-ready deployments and signs Business Associate Agreements (BAAs) for covered entities and healthcare partners.

3. Sub-processors

• Cloud infrastructure providers for hosting and storage.
• Telephony and SMS delivery partners for call handling.
• Customer support and CRM tooling for account management.
• Analytics and monitoring platforms for reliability and security.

A detailed, current list of named sub-processors is available upon request.

4. Data residency

Customer data can be hosted in US, Canada, or EU regions depending on contract requirements.

5. Retention defaults

• Default retention for call recordings and transcripts: 12 months.
• Default retention for analytics and metadata: 24 months.
• Retention windows are configurable by customer policy.

6. Incident response summary

• 24/7 monitoring for availability, access anomalies, and security events.
• Incident triage, containment, and remediation workflows with documented playbooks.
• Customer notification timelines aligned with contractual and regulatory requirements.

7. DPA & legal terms

A Data Processing Addendum (DPA) is available for GDPR and enterprise privacy requirements. Reach Central also supports custom contractual security addendums when required.

8. Report requests

1. Email security@reach-central.ai with your request.
2. We provide an NDA if required for SOC 2 documentation.
3. Reports and letters are delivered within 2-3 business days.