Effective Date: 13 August 2025
Location: India
At , safeguarding the confidentiality, integrity, and availability of your data is our highest priority. This Data Security Policy outlines how we protect customer data, infrastructure, and communications across our platform.
1. Purpose
- Data is protected against unauthorized access, disclosure, alteration, or destruction.
- Compliance with Indian data laws and international security standards.
- Continuous trust and reliability in Trylli AI’s AI-driven voice services.
2. Scope
- Data collected and processed through the Trylli AI platform
- Users, customers, employees, and third-party service providers
- Infrastructure (databases, APIs, cloud storage) and communication protocols
3. Data We Secure
- Personal Information: Name, email, phone number, business details
- Voice & Call Data: Audio recordings, transcriptions, summaries
- System Data: Logs, history, configuration files, call analytics
- Knowledge Base Content: Uploaded documents, prompts, templates
- Payment Data: Transaction IDs (Note: payment processing is handled via third-party gateways)
4. Security Practices
a) Encryption- Data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
- Voice files, logs, and transcriptions are securely stored in cloud infrastructure (e.g., AWS, Runpod) with restricted access.
b) Authentication & Access- Multi-factor authentication (MFA) for internal admin systems.
- Role-Based Access Control (RBAC) for users—permissions are tightly scoped (admin, manager, agent).
- API access is secured with rotating tokens and OAuth where applicable.
c) Network & Infrastructure Security- Firewalls, WAFs, and VPNs are used to safeguard internal services.
- Regular patching, vulnerability scanning, and real-time monitoring are performed.
d) Logging & Monitoring- All access and actions are logged and monitored for anomalies.
- Internal dashboards allow traceability of call flows, voice model access, and API usage.
e) Physical & Cloud Security- Cloud data centers comply with ISO/IEC 27001, SOC 2, and GDPR standards.
- Backups are encrypted and stored across distributed secure locations.
5. Data Backup & Disaster Recovery
- Regular backups are scheduled for:
- Call logs, recordings
- Knowledge base files
- User configurations
- Disaster recovery procedures ensure data restoration within 24 hours in case of critical failures.
- High availability architecture prevents single points of failure.
6. Vendor & Third-Party Security
We use industry-trusted providers like Twilio, Exotel, Runpod, AWS, and Lambda Labs. Each is vetted for:
- Secure data handling practices
- Compliance with privacy and security frameworks
- SLAs guaranteeing uptime and incident response
7. Employee & Internal Data Access
- Employees receive periodic security training.
- Access to customer data is granted only on a need-to-know basis.
- Internal systems are protected by SSO, MFA, and IP restrictions.
8. Incident Response Plan
- Our team initiates containment, assessment, and mitigation within 4 hours in the event of a data breach or security incident.
- Affected users are notified within 72 hours, as per legal obligations.
- Full incident reports are generated and used to strengthen the system.
9. User Responsibilities
- Keeping your account credentials secure
- Not sharing sensitive customer data via unsecured channels
- Reporting suspicious activity to hello@trylli.ai immediately
10. Compliance & Audits
- Trylli AI aligns with:
- IT Act, 2000 (India)
- ISO/IEC 27001 principles
- GDPR (for international users)
- Regular internal audits are conducted to ensure ongoing compliance
11. Updates to This Policy
We may revise this policy to adapt to evolving security standards. Any updates will be communicated via email and posted on our website.