Trust center
Everything your security, privacy, and compliance teams need to review Callweave, in one place. We state plainly what is in place today and what is on the roadmap, with dates. We would rather you trust what you can verify.
Callweave is voice AI for regulated call workflows. Because that means we touch call recordings and customer data, we publish our security posture and contractual terms openly so a diligence review can start without a sales call. Use the documents below, and contact security@callweave.ai for anything provided under MNDA.
Documents
Security at Callweave
The security controls we run today, plus a dated roadmap for what is still coming.
Subprocessors
Who may process data on our behalf, by function and region, with our advance change-notice commitment.
Data Processing Addendum
Sample GDPR Article 28 processor terms, including the no-training clause, transfers, and Annex II security measures.
Privacy Policy
How we handle personal data as a controller (website and prospects) versus a processor (customer call data). Includes the cookies notice.
Terms of Service
Website terms plus the commercial-terms overview. Paid platform use is governed by a separate executed agreement.
The short version
- EU data residency is available on request; recordings can stay in your own storage bucket.
- No model training on your audio, transcripts, or case data.
- Human review on every escalation; materially important actions stay with a person.
- Configurable retention; call samples sent for a review are deleted afterwards unless you opt in.
- GDPR Article 28 DPA available now; SOC 2 Type II in progress, target H1 2027 (not currently attested, and we will not say otherwise).
What you can request
During an evaluation we provide a mutual NDA, completed standard security questionnaires (such as SIG and CAIQ), and the current full named subprocessor list under the DPA. Email security@callweave.ai for security questions or to report a vulnerability.