PocketRep

Security & data handling

PocketRep handles the most sensitive part of your sales process: the conversation itself. It is built on infrastructure with ISO 27001 and SOC 2 Type II certification and deployed in EU regions by default; audio is destroyed after transcription, and your data is never used to train models, ours or anyone else's.

Encryption

All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Encryption keys are managed by our infrastructure provider's KMS with hardware-backed key storage. No PocketRep employee can access your raw audio, transcripts, or summaries without explicit, time-limited support access — granted by you, case by case.

Hosting & data residency

Recordings, transcripts, and summaries are stored in EU regions by default and never leave your tenant. UK and US residency are available on Team and Enterprise plans. The full sub-processor list is published in our DPA and updated with at least 30 days' notice before any change.

Retention & deletion

Source audio is destroyed once the transcript is generated — typically within minutes of recording. Transcripts and summaries are retained for the life of the account by default; admins can shorten retention per workspace or delete any record on demand. Hard deletion removes data from primary storage and backups within 30 days.

Access control

Every workspace has role-based access, with admin, member, and viewer roles. SSO via SAML 2.0 (Okta, Entra ID, and Google Workspace) is included on Enterprise. Audit logs capture every read, export, and admin action and are exportable as CSV for your SIEM. Session controls (idle timeout, IP allowlist) are configurable per workspace.

Compliance

PocketRep is GDPR-aligned and runs on infrastructure with ISO 27001 and SOC 2 Type II certification. Our DPA, SOC 2 Type II report, and latest pen-test summary are available under NDA on request.

Vulnerability disclosure

We welcome reports from independent researchers. Email security@pocketrep.app with a description and reproduction steps — we acknowledge within one business day. Good-faith research that follows our published policy is covered by safe harbour.

Need a DPA, SOC 2 report, or pen-test summary?

Reach out and we'll send the latest pack under NDA, usually within one business day.
