Enterprise-grade.
SMB-priced.
IzzyOps runs on R.O.S. — the contact-centre operations platform we access via our exclusive partnership with Redial BPO. SOC 2 Type II, PCI DSS Level 1, and HIPAA-aligned. The certifications you'd expect from a vendor 10× the price.
Auditable, every layer.
Through our exclusive partnership with Redial BPO, IzzyOps inherits the same operational controls used to handle millions of customer interactions for Fortune 500 clients — extended to every IzzyOps account.
SOC 2 Type II
Annual independent audit. Covers security, availability, confidentiality, processing integrity, privacy.
PCI DSS Level 1
Highest tier of card-data handling. AI hands off before card numbers; agents take payment in PCI-scoped tooling.
HIPAA-aligned
BAA available. PHI handling controls across AI, transcripts, recordings, and storage.
GDPR / CCPA
Data subject rights, regional storage, configurable retention, exportable on request.
ISO 27001
Information security management. Annual surveillance audits. Risk-based controls.
TCPA / Australian Consumer Law
DNC sync, quiet hours, consent capture, opt-out automation per jurisdiction.
Encryption, isolation, audit — at every step.
A call ringing in touches a dozen systems before it ends. Each one is locked down, logged, and reviewable. Your security team can pen-test, request audit logs, and configure controls without us in the room.
- TLS 1.3 in transit · AES-256 at rest
- Row-level tenant isolation — no shared state across customers
- Role-based access · SSO via SAML / OIDC · MFA mandatory for admins
- Immutable audit trail · 7-year retention default · exportable to SIEM
- Quarterly third-party pen-tests · bug-bounty programme
The boring controls that matter.
Configurable retention
Per data class — calls, transcripts, contact records, AI logs. Default 90 days; up to 7 years; or zero.
Auto-redaction
PII, PHI, card numbers, SSNs scrubbed from transcripts and storage in real time. Never reaches the model context.
Customer-managed keys
Bring your own KMS key on Enterprise. Revoke = data inaccessible immediately.
Regional storage
AU, US, EU, APAC residency. Data never leaves the region you pick.
When AI hands to a human, security comes too.
The handoff is the riskiest moment in any AI conversation — that's where most vendors leak context, PII, or compliance. IzzyOps treats it as a first-class security event.
- Agents see redacted-by-default transcripts. PHI/PII unlocked per-role.
- Recording resumes under PCI-scoped tooling for payment moments.
- Every handoff event timestamped and signed for audit.
- Customer can request a session-by-session compliance report.
Real customers.
Real numbers.
Security · FAQ
Where is data stored?
Can we get a SOC 2 report?
What's stored vs. transient?
Can we run our own pen-tests?
How do you handle vendor management?
What about AI model risk?
Bring your security team.
They'll be bored.
Trust pack, SOC 2 report, BAA, DPA — request what you need. We'll get you onto a security call within a day.