SH
SalesHUD
Security

Enterprise-grade security

We handle sensitive sales conversations. Security and privacy are non-negotiable. Here's how we protect your data.

Request security questionnaire

Our security posture

Built from the ground up with security best practices

Data minimization
We only process audio and text necessary to generate HUD cues and notes. Call recordings are optional and you control retention policies.
Encryption everywhere
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Audio streams are processed ephemerally and never stored in plaintext.
Access controls
Role-based permissions ensure reps only see their own calls. Managers can access team data with your explicit configuration.
Tenant separation
Each customer's data is logically isolated. No cross-tenant data access or model training on your content.
Audit logging
Comprehensive audit trails for data access, exports, and configuration changes. Available in Team plans and above.
Compliance-ready
SOC 2 Type II certification in progress. GDPR-compliant data handling. CCPA and data export/deletion requests supported.

How we handle your data

What we collect

During calls:

  • Audio stream (processed in real-time for transcription, then discarded unless recording is enabled)
  • Transcript text (used to generate cues and notes)
  • Metadata (call duration, participants, timestamp)

From your integrations:

  • Account notes and contact data (if CRM connected, read-only by default)
  • Playbooks and templates you upload
What we don't do
  • No model training on your data: We do not use your calls or playbooks to train models for other customers.
  • No sharing with third parties: Your data stays with SalesHUD. We don't sell or share it with advertisers or data brokers.
  • No indefinite storage: You set retention policies. We delete data when you tell us to.
Data residency & subprocessors

SalesHUD infrastructure is hosted on AWS (US-East-1 by default). Enterprise customers can request alternative regions.

We use a small number of vetted subprocessors for infrastructure (AWS), transcription (OpenAI Whisper API), and analytics. Full subprocessor list available on request.

Compliance & certifications

SOC 2 Type II
In progress
We're currently undergoing SOC 2 Type II audit. Expected completion Q2 2026. Report available to Enterprise customers under NDA.
GDPR
Compliant
We comply with GDPR data subject rights including access, deletion, and portability. Data Processing Agreement (DPA) available on request.
CCPA
Compliant
California residents can request data access, deletion, and opt-out of data sales (which we don't do). Contact us via the security email below.
Recording consent
You're responsible for announcing call recording per your jurisdiction's laws. We provide suggested consent language and auto-announcement features.

Need more security details?

We're happy to provide completed security questionnaires, penetration test reports, or connect your InfoSec team with ours.

Contact security teamsecurity@saleshud.app