Skip to main content
Security & Compliance

Your Data Stays Yours. Period.

Built for ISPs who handle CPNI and subscriber data every day. We take security as seriously as you do.

Enterprise-Grade SecurityAES-256CPNI AwareGDPR ReadySSO Included
Architecture

How Your Data Flows

Multi-tenant architecture with customer-isolated data stores. Encryption at every boundary.

Your VoIP System

VoIP.ms, Atheral, SIP

TLS 1.3

QueSee Processing

US / EU Data Centers, VPC Isolated

AES-256

Encrypted Storage

Encrypted Storage, Tenant Isolated

WAF + DDoS Protection
PII Detection + Handling
Dedicated Encryption Controls (Enterprise)
Active-Passive DR Failover

Diagram is illustrative. Full technical architecture documentation available upon request for Enterprise evaluations.

Security Pillars

Enterprise-Grade Security. ISP-Specific Compliance.

Encryption

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all data transfers
  • Cloud-native secrets management with encrypted credential storage
  • Dedicated encryption controls (Enterprise)
  • Encryption in transit (TLS 1.3) and at rest (AES-256) across the entire pipeline

Access Controls

  • Role-based access control (RBAC) with granular permissions
  • Multi-factor authentication (MFA) available for all users
  • SSO via Google and Microsoft - your team signs in with accounts they already have. SAML for Okta/Azure AD on the Enterprise roadmap.
  • Session management with configurable timeouts and forced logout
  • Centralized audit logging of security events (30-day retention)

CPNI & Data Handling

  • Supports your FCC CPNI (Customer Proprietary Network Information) compliance
  • Strict tenant isolation - no data commingling between customers
  • US and EU data residency available - you choose your region
  • Data retained per your policy, fully exportable in standard formats
  • Data deleted within 30 days of contract termination
  • PII suppression rules configurable per scorecard

Infrastructure

  • Hosted on enterprise-grade cloud infrastructure with US and EU data center options
  • 99% uptime target
  • DDoS protection and traffic filtering built into our cloud infrastructure
  • Built for high availability with redundant infrastructure across regions
  • VPC isolation and network segmentation with private service connectivity
Identity & Access

Single Sign-On & Access Management

No separate credentials. Your team signs in with Google or Microsoft accounts they already have.

Supported Identity Providers

Google SSO
Available now
Microsoft SSO
Available now
More Providers
Coming on Enterprise roadmap

Essential Plan

SSO (Google/Microsoft) + MFA. Your team signs in with accounts they already have.

Pro Plan

Popular

SSO (Google/Microsoft) + MFA. One-click login through accounts your team already uses. JIT (Just-In-Time) user provisioning supported.

Enterprise Plan

SSO via Google and Microsoft + MFA + SAML on roadmap. Dedicated encryption controls.

Plan Comparison

Security Features by Plan

Every plan includes enterprise-grade encryption, MFA, and SSO. Higher tiers unlock dedicated controls and advanced audit logging.

Security FeatureEssential$70/agent/moProPopular$120/agent/moEnterpriseCustom
Enterprise-Grade Security Controls
AES-256 Encryption (at rest + in transit)
Multi-Factor Authentication (MFA)
Role-Based Access Control (RBAC)
Standard Audit Logging
SSO (Google/Microsoft)
Advanced Audit Logs (extended retention, export)
Custom Data Retention Policies
Dedicated Encryption Controls
Dedicated Instance Option
Data ResidencyUSUSUS & EU
Custom DPA
Business Associate Agreement (BAA)
Transparency

Subprocessor Disclosure

Full transparency on who handles your data and why. We notify customers 30 days before adding new subprocessors.

Zero data retention for call audio.

Call audio is analyzed in isolated infrastructure in your region (US or EU), then the model discards it - it's never stored, and our analysis provider runs with zero data retention. The insights we generate are kept in your QueSee environment for the term of your subscription.

Your Data Stays Where You Choose

We offer both US and EU data residency. You choose your region, and your data is processed and stored there - it doesn't move between regions.

SubprocessorPurposeData Location
Amazon Web ServicesCloud infrastructure (managed database hosting)United States
Google Cloud PlatformCloud hosting, compute, storage, and AI servicesUnited States
MongoDB AtlasDatabase hosting (insights and subscriber profiles)United States
Firebase (Google)AuthenticationUnited States
VercelFrontend application hostingUnited States
AnthropicEngineering support tooling (no model training)United States
PostHogProduct analytics and session replayUnited States
FormspreeContact form processingUnited States

This list covers key subprocessors. A complete, regularly updated subprocessor list is available upon request. Contact security@quesee.ai for the full list.

Team Rollout

Rolling Out QueSee to Your Team?

Here's what your agents need to know. Share this with your team before rollout.

No new recordings

QueSee analyzes call recordings you already have. It doesn't record anything new or add any monitoring software to agent workstations.

Agents see their own data

Agents can see their own scores, coaching insights, and performance trends. It's a coaching tool, not a surveillance tool.

Controlled visibility

Individual agent data is visible to authorized managers only - not broadcast to the whole company. Permissions are role-based.

Coaching, not punishment

The purpose is coaching and continuous improvement, not surveillance or punitive action. We recommend transparent rollout communication.

“Introducing QueSee to Your Team” One-Pager

A ready-to-share document explaining what QueSee does, what agents can see, and how their data is handled.

FAQ

Security & Compliance FAQ

Answers to the questions your IT and security teams will ask.

What security controls does QueSee have in place?
QueSee implements enterprise-grade security controls covering security, availability, and confidentiality. You can request a copy of our security controls documentation using the form above - we'll verify your identity and send it within 1 business day.
Where is my data stored?
We offer both US and EU data residency. You choose your region, and your data is processed and stored there - it doesn't move between regions.
Do humans access my call recordings?
No. Call recordings are processed entirely by automated AI systems. QueSee employees do not listen to your call recordings. In rare cases involving support escalations, access may be granted only with your explicit written consent and is fully logged in our audit trail.
How do you handle CPNI?
QueSee is fully CPNI-aware. We follow FCC guidelines for handling Customer Proprietary Network Information. All subscriber data is tenant-isolated, access-controlled, and encrypted. We do not share, sell, or commingle customer data across tenants.
Can I submit a security questionnaire?
Yes - and you can save time by downloading our pre-filled SIG Lite and CAIQ questionnaires first. If your organization uses a custom security questionnaire, send it to security@quesee.ai and we'll typically complete it within 5 business days.
What's the uptime SLA?
We target 99% monthly uptime. Formal uptime commitments are available on Enterprise agreements. Scheduled maintenance is communicated 72 hours in advance.
Can I export my data if we leave?
Yes. You can export all your data at any time in standard formats (JSON, CSV). Upon contract termination, you have a 30-day export window, after which your data is deleted within 30 days. We provide written confirmation of deletion on request.
Do you support SSO?
Yes. SSO via Google and Microsoft is included on all plans - your team signs in with accounts they already have. SAML for Okta/Azure AD is on the Enterprise roadmap.
What subprocessors do you use?
Our key subprocessors are listed in the Subprocessor Disclosure section above. Call audio is never retained - it's deleted immediately after analysis, and our enterprise AI analysis provider runs with zero data retention, so audio isn't stored on their side either. We don't store verbatim transcripts, and no customer data is used to train models. We retain the insights we generate and subscriber profile data in our US database for the term of your subscription.
Is a BAA or custom DPA available?
A standard Data Processing Addendum (DPA) is available for download above. Custom DPAs and Business Associate Agreements (BAAs) are available on the Enterprise plan. Contact our security team to discuss your specific requirements.
Can I run my own penetration test against QueSee?
Yes, with coordination. Enterprise customers may conduct their own penetration testing against their QueSee instance. We require 14 days advance notice, a defined scope, and a signed testing agreement. Contact security@quesee.ai to arrange.

Security-First. ISP-Built. Ready for Your Review.

14-day free trial. No credit card. Enterprise-grade security controls. CPNI aware. Your security team will thank you.

Enterprise-grade security controls
AES-256 Encryption
CPNI Aware
SSO Included
5-Week ROI Guarantee
Security & Compliance - QueSee AI | QueSee.ai