
Security at DIAL3D.

Last reviewed · May 19, 2026

Summary

DIAL3D operates a security program designed around HIPAA, 42 CFR Part 2, and the SOC 2 Type II framework. PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is role-based, logged, and reviewed quarterly. Multi-factor authentication is required for all workforce access. A SOC 2 Type II audit is in progress; the report will be available under NDA in Q3 2026.

Infrastructure

DIAL3D production runs on SOC 2-audited cloud providers (Cloudflare for edge + workers, AWS for backend services). All compute, storage, and networking happens in U.S. regions. No PHI crosses U.S. borders.

Each customer's data is isolated by tenant at the storage layer: customer A cannot read customer B's data even at the database query level. Tenant isolation is enforced by design at the storage layer, not only in application code.

Encryption

In transit: TLS 1.2 minimum on all customer-facing endpoints. Internal service-to-service communication is encrypted with mutual TLS.

At rest: AES-256 for voice recordings, transcripts, and structured PHI. Encryption keys are managed by AWS KMS with customer-managed key options on Enterprise plans.

Backups are encrypted at rest with the same standards; cross-region replication preserves encryption.

Workforce access

Production access is limited to a minimum-necessary group of workforce members. Multi-factor authentication is required for every access. Access is role-based and reviewed quarterly; departing workforce members lose access the same business day.

All production access is logged immutably. Logs are tamper-evident, time-synchronized, and retained for at least six years.

Vulnerability management

DIAL3D runs continuous dependency scanning, automated security testing in CI, and quarterly third-party penetration testing. Findings are tracked to remediation with SLAs (critical: 7 days; high: 30 days; medium: 90 days).

Responsible disclosure: security researchers can report vulnerabilities to security@dial3d.ai. We acknowledge within 24 hours and confirm or close within 5 business days.

Authentication for customer admins

Customer admin users can configure MFA enforcement for their organization. SSO via SAML is available on Enterprise plans (Okta, Azure AD, Google Workspace).

Session management: configurable session timeouts, IP allow-lists, and device-recognition policies on Enterprise.

Audit logs

All access to PHI is logged immutably. Logs capture: actor, action, target record, timestamp, source IP, session ID.

Customers can export their audit logs at any time for inclusion in their own HIPAA risk assessment or external audits.

Incident response

DIAL3D maintains a documented incident response plan. In the event of a confirmed security incident affecting customer PHI, we notify affected customers without unreasonable delay and provide the information required to discharge their breach-notification obligations.

The status page (status.dial3d.ai) publishes all incidents within 15 minutes of detection.

Audit + assurance

An independent third party performs an annual HIPAA risk assessment. A SOC 2 Type II audit is in progress; the report will be available under NDA at completion (target Q3 2026). Customers can request the most recent risk assessment summary under NDA.

Need this document, a security questionnaire, or a deeper conversation?

Need the security questionnaire, SOC 2 progress letter, penetration test summary, or subprocessor list? Our security team responds under NDA within one business day.
