Security

How switch.monster protects your data

Encrypted Credentials

Authentication credentials and sensitive account data are encrypted using industry-standard methods.

Encrypted Call Metadata

Sensitive call-log metadata, including caller numbers, forwarding destinations, and source labels, is encrypted at rest.

Masked by Default

Phone numbers are masked in standard UI views and API responses. Raw values require explicit privileged access.

Role-Based Access

Access to sensitive operations is controlled through role-based permissions and privileged access patterns.

Recording Access

Call recordings are not served directly. All recording access goes through authenticated proxy endpoints that verify user identity and permissions before providing access. Recording URLs are time-limited and cannot be shared or accessed without authentication.

Honest Limitations

  • Recording storage: Call recordings are stored in Twilio infrastructure. We do not provide zero-knowledge encryption for audio content.
  • Twilio access: Twilio has infrastructure-level access to call audio as the underlying voice provider.
  • Legacy plaintext: Some tracking-number configuration data (phone numbers, forward destinations) is stored in plaintext at rest but is masked in all default UI and API displays.
  • No compliance certifications: We do not currently hold SOC 2, HIPAA, or other compliance certifications. We focus on practical security measures appropriate for our current stage.

Infrastructure

switch.monster runs on Vercel infrastructure with Supabase for database services and Twilio for voice infrastructure. Data is transmitted over TLS-encrypted connections.

Security Contact

To report security issues or ask questions about our security practices, contact us at security@switch.monster.