Tiksoo handles business phone line data and call recordings. Here's how we protect it.
All data between your browser and Tiksoo is encrypted using TLS 1.2 or higher. API communication with Twilio, Mailgun, and Stripe uses HTTPS exclusively. We enforce HTTPS on all endpoints — unencrypted HTTP requests are rejected.
Account data and monitoring records are stored in a dedicated PostgreSQL database. Call recordings are stored by Twilio and accessed via their secure API. Passwords are hashed using industry-standard algorithms (PBKDF2 with SHA-256) and are never stored in plain text or logged.
Baseline recordings and test call audio are used exclusively for acoustic fingerprinting — they are never listened to by Tiksoo staff, shared with third parties, or used for any purpose other than detecting failures on your monitored numbers. Test call recordings are automatically deleted after 90 days. Baseline recordings are deleted when you remove a phone number or close your account.
Tiksoo supports multi-factor authentication (MFA) via authenticator app. Session tokens are rotated on login and invalidated on logout. CSRF protection is enforced on all state-changing requests. We recommend using a unique, strong password and enabling MFA on your account.
We rely on established, security-audited providers: Twilio (SOC 2 Type II, ISO 27001) for call infrastructure, Stripe (PCI-DSS Level 1) for payment processing, and Mailgun for email delivery. No payment card data ever touches Tiksoo servers.
Production database and server access is restricted to authorized personnel only. All infrastructure access requires authentication. Monitoring data is strictly isolated per account — you can only access your own phone numbers and call records.
If you discover a security vulnerability in Tiksoo, please report it to us privately before disclosing it publicly. We will investigate all reports promptly and work to address confirmed issues as quickly as possible. We ask that you give us reasonable time to resolve the issue before any public disclosure.
Report a VulnerabilityWe use cookies for authentication and to remember your preferences. Privacy Policy