Security & Compliance

Last updated February 12, 2026

Jump to section
1

Compliance Status

  • SOC 2: CrabCallr is not yet SOC 2 certified. We follow industry-standard security practices and plan to pursue certification as the platform matures.
  • HIPAA: CrabCallr is not HIPAA compliant. Do not use the service to transmit or store protected health information (PHI).
2

Current Security Practices

  • Encryption in transit: All data is transmitted over TLS. WebRTC media streams are encrypted end-to-end via SRTP.
  • Access controls: Authentication is handled via Supabase Auth with row-level security policies on all database tables.
  • Audit logging: Administrative actions and authentication events are logged for review.
  • Data retention: Voice audio is processed in real time and is not stored after the call ends. Transcripts are retained only when explicitly enabled by the user.
  • Dependency monitoring: Third-party packages are monitored for known vulnerabilities and updated regularly.
3

Contact

To report a security concern or request more information about our practices, email us at info@updaytr.com.