Security to protect your conversations and your business

Comprehensive security for peace of mind.

Security Compliance Badge

We understand that the confidentiality, integrity, and availability of our services are the highest order of priority for our customers, and for us as a company

Spoke Phone security commitments

We take a comprehensive, multi-layered approach to security, ensuring that every element of your data is secure, and that our service in the cloud is as good or better than industry standards including SOC2, HIPAA and GDPR.

Secure Data Handling
Security Badge

Cloud infrastructure security
All of our services are hosted with Amazon Web Services (AWS). They employ a robust security program with multiple certifications.

All databases are encrypted at rest. Our applications encrypt in transit with TLS/SSL only.

Vulnerability scanning, logging and monitoring
We perform vulnerability scanning and actively monitor for threats. We actively monitor and log various cloud services.

Business continuity and disaster recovery
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.

Incident response
We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.

Organizational security


Information Security Program

We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants. 

Third-Party Penetration Testing & Auditing

Our organization undergoes independent third-party assessments to test our security and compliance controls.

We perform an independent third-party penetration testing at least annually to ensure that the security posture of our services is uncompromised.

Roles and Responsibilities

Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.

Trusted Employees

Our team members are background checked in accordance with local laws  and required to go through industry standard employee security awareness training.

All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.


Industry standards

Spoke Phone is committed to industry standards to keep your data secure, private and safe. We are currently in our SOC 2 verification period.

Spoke is built on Twilio and is HIPAA compliant for your peace of mind

Conversation context with patient profile

Secure, informed and actioned with HIPAA: for today's communication environment

Securely push contextual information into calls and conversations, across your entire team; in clinic, on the road and in-home. 

Ensure your phone systems, mobile calls and messaging are all HIPAA compliant.

We know your top priority is making sure patient data is always private and secure. That’s why Spoke is built on Twilio and HIPPA compliant for your peace of mind.

Access security

Permissions and authentication
Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role. 

Least privilege access control
We follow the principle of least privilege with respect to identity and access management.

Quarterly access reviews
We perform quarterly access reviews of all team members with access to sensitive systems.

Password requirements
All team members are required to adhere to a minimum set of password requirements and complexity for access. 

Data storage and security

Hosted on Amazon Web Services

Our websites, web/mobile applications back-ends, and all other back-end services including data storage run on AWS. The AWS platform is designed and built to run on a shared security responsibility model. This means that AWS is responsible for securing the underlying infrastructure that supports our platform, including facilities, network, hardware, and operational software. 

The infrastructure that Amazon provides is designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1,2 and 3, PCI DSS level 1, and ISO 27001. 

Your data protection is our highest priority

End-to-End 256-Bit AES military grade encryption, as used by all major banks.

Protect your data with local storage

Robust APIs and pre-built integrations let you control where your data is stored and who has access.

Private tokens, redacted PII, encrypted recordings

Enhance our industry standard 256-Bit AES with private encryption tokens on recordings, and redacted phone numbers and text from Spoke servers. 

Contact us

If you have any questions or wish to report a potential security concern please contact: