Volumelabs.live

Security

How we protect your data

In effect from · July 8, 2026

Security is foundational to a platform that answers your phone, reads your inbox and analyses your revenue. This page summarises the practices of Volume Labs Private Limited. Details evolve as the platform matures; material changes are reflected here.

1. Data encryption

  • All traffic is encrypted in transit with TLS 1.2+.
  • Data at rest — including conversations, recordings and knowledge bases — is encrypted with industry-standard algorithms (AES-256 class).
  • Secrets and API keys are stored in a managed secrets vault, never in code.

2. Tenant isolation

  • Every workspace’s data is logically isolated with tenant-scoped access enforcement at the API layer.
  • Your company AI model and knowledge base serve only your workspace. Customer Data is not used to train models for other customers without explicit agreement.

3. Access control

  • Role-based access (Owner, Admin, Agent, Analyst) with least privilege.
  • Internal access to production is restricted to authorised personnel, protected by SSO/MFA, and logged.
  • Support access to a customer workspace happens only with permission and is auditable.

4. Application security

  • Secure development lifecycle: code review, dependency scanning and static analysis in CI.
  • Protection against the OWASP Top 10 — input validation, output encoding, CSRF protection and rate limiting.
  • Audit logging of security-relevant events.

5. AI-specific safeguards

  • Guardrails: topic blocklists, escalation triggers, confidence thresholds and compliance modes are enforced server-side before AI output is delivered.
  • Prompt-injection and data-exfiltration defences on knowledge-base retrieval.
  • Call recording notices and PHI/PII redaction options for regulated configurations.

6. Infrastructure & continuity

  • Hosted on reputable cloud infrastructure with network segregation and managed firewalls.
  • Automated backups with periodic restore testing; documented incident response runbooks.
  • Status and incident notifications to affected customers without undue delay, as required by law.

7. Payments

Card data is processed by PCI-DSS compliant payment providers. We do not store full card numbers on our systems.

8. Responsible disclosure

We welcome good-faith security research. Report suspected vulnerabilities to labsvolume@gmail.com with steps to reproduce. Please avoid accessing other customers’ data, degrading the Service, or public disclosure before we have had a reasonable opportunity to remediate. We acknowledge reports within 48 hours and keep you informed through resolution.

9. Your part

  • Use strong, unique passwords and enable available account protections.
  • Scope integration credentials narrowly and rotate API keys periodically.
  • Configure guardrails and escalation rules appropriate to your industry (see the Privacy Policy for data-handling details).

10. Contact

Security questions or reports: labsvolume@gmail.com
Volume Labs Private Limited, C-254 Raksha Vihar Colony, Parwaliya Sadak, Fanda, Bhopal, Madhya Pradesh, India — 462030