Security

Your pipeline data deserves serious protection.

QuotaVyn is built on the principle of data minimalism — we ingest only the signals needed to score deals, retain data only as long as necessary, and give you full visibility and control. No call recordings. No email content. No shadow profiles.

QuotaVyn is not a call recording platform. We are not storing your prospect conversations or rep emails. The only data we read is behavioral metadata: timestamps, counts, response patterns — the minimum needed to score deal health.

Data Practices

What we access and what we don't

| Data Type | What We Read | What We Don't Store |
| --- | --- | --- |
| Email (Gmail / Outlook) | Timestamps, sender/recipient metadata, thread count per opportunity | Email subject lines, body content, attachments |
| Calendar | Meeting occurrence counts, duration, attendee count | Meeting title, agenda, attendee identities |
| CRM (Salesforce / HubSpot) | Opportunity fields, stage history, contact roles, activity tasks | Account financials, custom non-pipeline fields |
| Call Recording (Gong) | Call count, duration, talk ratio, next-step mentions (summary flags) | Call audio, transcripts, verbatim conversation |
| Sales Engagement (Outreach / Salesloft) | Sequence enrollment, step completion, reply status | Template content, custom merge fields |

Controls

Technical and organizational safeguards

Encryption in transit and at rest
All data transmitted over TLS 1.2+. Stored data encrypted using AES-256 at the database and object storage layers. Encryption keys managed with rotation schedules.
Access controls and least privilege
Role-based access across all infrastructure. Production database access requires two-factor authentication and is logged. Customer data partitioned by tenant.
Hosted on AWS (US East)
All customer data processed and stored within AWS US-East-1 region. Infrastructure managed via Terraform with immutable deployment practices.
Data retention and deletion
Activity metadata retained for 24 months by default, configurable to 12 months. Full data deletion on contract termination within 30 days. Audit log available.
Audit logging
All user actions, data access events, and integration syncs logged with timestamps. Scale tier customers can access their audit log via API.
SSO / SAML 2.0 (Scale)
Scale tier teams can enforce SAML 2.0 SSO via Okta, Azure AD, or any SAML-compatible IdP. Sessions enforced server-side with configurable timeout.
Compliance posture
QuotaVyn is designed with SOC 2 Type II controls in mind — logical access controls, audit logging, and incident response procedures are in place. We are working toward formal certification and will share our security documentation on request.
Sub-processors

Third-party services we use

QuotaVyn uses a small number of sub-processors to operate the platform. We review them for privacy and security practices and maintain DPA agreements with each.

  • AWS — Cloud infrastructure, data storage, compute
  • Stripe — Payment processing (no financial data in QuotaVyn)
  • Postmark — Transactional email delivery
  • Datadog — Infrastructure monitoring (anonymized telemetry only)
Questions?

Security review

If your security or legal team needs a questionnaire completed, custom DPA language, or a call with our CTO, we're available. We regularly complete vendor security reviews for enterprise customers.

Contact Security Team

Pipeline data is sensitive. We treat it that way.

Read our privacy policy for the full data handling details, or contact us to discuss specific security requirements for your organization.