GDPR Compliant

Your data is safe with us

LeadCaller is built with security from the ground up. All data is stored in the EU, encrypted and protected with industry-leading security solutions.

  • GDPR: EU Data Protection Regulation
  • EU Data: Stored in Stockholm
  • Encrypted: AES-256 + TLS 1.3

Our infrastructure is hosted on AWS which holds SOC 2 Type II and ISO 27001 certifications. Payments are handled by Stripe (PCI DSS certified).

Security at every layer

How we protect your data

GDPR Compliance

Full compliance with the EU General Data Protection Regulation. We have processes for data handling, erasure and portability.

EU Data Storage

All data is stored on AWS servers in the EU (Stockholm). No data leaves the European Union.

Encryption

AES-256 encryption for data at rest. TLS 1.3 for all data in transit. End-to-end security.

Access Control

Role-based access control (RBAC). The principle of least privilege is applied throughout.

24/7 Monitoring

Continuous security monitoring and automated threat detection around the clock.

Backups

Automatic daily backups with geo-redundancy. Fast recovery when needed.

GDPR

Full GDPR Compliance

LeadCaller is built for European businesses. We comply with all requirements of the EU General Data Protection Regulation (GDPR) and work proactively with data protection.

As a data processor, we provide a Data Processing Agreement (DPA) for all our customers. This is included at no extra cost.

  • Right to erasure (Art. 17)
  • Right to data portability (Art. 20)
  • Right of access (Art. 15)
  • Data Processing Agreement (DPA)

EU

Data Storage in the EU

Stockholm, Sweden (eu-north-1)

  • Data centre: AWS Stockholm
  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3
  • Backup retention: 30 days

FAQ

Security Questions

Where is my data stored?

All customer data is stored on AWS servers in Stockholm (eu-north-1). Backups are stored redundantly within the EU.

How long is data retained?

Call data is retained according to your settings, typically 12-24 months. Backups are kept for 30 days. You can request erasure at any time.

Can I export all my data?

Yes, under the GDPR you have the right to data portability. Contact us and we will export all your data.

How is personal data handled in AI calls?

Call data is processed in real time and stored encrypted. No data is used to train AI models.

Do you have a Data Processing Agreement?

Yes, we provide a DPA (Data Processing Agreement) for all customers. Included in all business plans.

Data Processing Agreement

DPA for all customers

When you use LeadCaller, we act as a data processor for the data processed within the service. We provide a Data Processing Agreement (DPA) for all customers at no extra cost.

  • Compliant with GDPR Article 28
  • Includes EU Standard Contractual Clauses (SCC)
  • Complete list of sub-processors
  • No extra cost

DPA includes

01. Nature and purpose of processing
    Specification of what data is processed and why

02. Technical and organisational measures
    Encryption, access control, monitoring, incident management

03. Sub-processor list
    AWS, Twilio, Stripe, SendGrid, Anthropic, OpenAI, Deepgram and others

04. Data transfers and SCC
    Standard Contractual Clauses for any transfers outside the EU/EEA

Security questions?

Contact our security team for questions about data protection, compliance or security incidents.