// Trust & Security Report

    Aircall.Io, Inc. logo

    Aircall.Io, Inc.

    Cloud-based AI-powered customer communications platform with unified voice, SMS, and messaging. Features AI agents for 24/7 customer coverage, AI assistants for real-time coaching and automation, call center management, integrations with 250+ business tools (Salesforce, HubSpot, Zendesk, etc.), and healthcare-specific compliance (HIPAA BAA available).

    Certifications held

    9

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2, Type II standards or its equivalent through independent, qualified third-party auditors. Aircall conducts at least annual audits.

    Verify on aircall.io
    ISO 27001
    HELD

    Aircall's security program is aligned with ISO 27001 and SOC II standards. Aircall hosts Personal Data primarily in AWS data centers that have been certified as ISO 27001... compliant.

    Verify on aircall.io
    GDPR
    HELD

    GDPR applies to the Processing of Personal Data if and to the extent conditions set forth by Art. 3 of the GDPR are fulfilled. Aircall is certified under the EU-U.S. Data Privacy Framework.

    Verify on aircall.io
    HIPAA
    HELD

    For covered entities or business associates under HIPAA who plan to process protected health information (PHI), Aircall offers customers the opportunity to enter into a Business Associate Agreement. Designed to safeguard PHI disclosed pursuant to a business associate agreement in line with HIPAA Privacy and Security Rules.

    Verify on aircall.io
    CCPA
    HELD

    CCPA – Compliant (listed on security certifications page)

    Verify on aircall.io
    CPNI
    HELD

    CPNI – Compliant (VoIP provider requirement for telecom carriers)

    Verify on aircall.io
    CIS Certified
    HELD

    CIS (Center for Internet Security) – Certified

    Verify on aircall.io
    NIST Framework
    HELD

    NIST – Framework implementation (referenced as security standard alignment)

    Verify on aircall.io
    CSA CAIQ Level 1
    HELD

    CSA CAIQ Level 1 – Certified (250+ security questions)

    Verify on aircall.io
    > Show 2 unconfirmed / not-held certifications
    ISO 42001 (AI Management)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification on vendor domain, despite AI-powered product features.

    CSA STAR Registry
    NOT CONFIRMED

    No public evidence of Cloud Security Alliance STAR Registry membership (CSA CAIQ Level 1 achieved, but STAR Registry not mentioned).

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary locations: US (Oregon), EU (Frankfurt), Australia (Sydney). Data Privacy Framework certified for EU-US transfers. Uses Standard Contractual Clauses for non-adequate jurisdictions. Secondary transfers to India noted.

    Aircall does NOT use customer call data or recordings to train third-party AI models. However, product improvement analytics (transcriptions, usage patterns) are available for processing on customer data with express opt-out capability. Call recordings are anonymized (PII removed) before any AI analysis. Customers can opt out of analytics processing.

    // Security controls

    Encryption in Transit

    TLS 1.2 (minimum) for all data transfers; TLS/SRTP for voice communications

    aircall.io

    Encryption at Rest

    AES-256 encryption for all stored data

    aircall.io

    Authentication

    Two-Factor Authentication (2FA) available; SAML/SSO support for enterprise customers

    aircall.io

    Access Control

    Role-based access control (RBAC); block numbers functionality; audit trails for data access

    aircall.io

    Testing & Audit

    Annual SOC 2 Type II audits; regular third-party penetration testing; active bug bounty program

    aircall.io

    Employee Security

    Background checks required; NDAs for all employees; annual security and privacy training on onboarding

    aircall.io

    Infrastructure

    Hosted on AWS with 99.95% uptime guarantee; multiple availability zones for redundancy; regular backups across AZs

    aircall.io

    Data Breach Response

    24-hour notification for European regulatory requirements

    aircall.io

    // Products & data scope

    Core Platform (Team-Led)Voice/VoIP

    data: Call recordings, SMS, messages, customer metadata, CRM sync

    Traditional phone system with human agent leadership; modern, cloud-based; HIPAA BAA available on request

    AI AssistantsAI/Automation

    data: Real-time call transcription, sentiment analysis, coaching suggestions, automated CRM updates

    Live coaching during calls; call transcription/analysis; automated follow-ups. PII removed before any AI processing. Customer opt-out available for product improvement analytics.

    AI AgentsAI/Automation

    data: Call intent identification, autonomous resolution, escalations with context

    24/7 coverage; handles routine inquiries; escalates complex issues to humans. Does not train on customer data for third-party AI models.

    IntegrationsIntegration

    data: CRM (Salesforce, HubSpot), ticketing (Zendesk), e-commerce (Shopify), business tools (Monday.com, Pipedrive, Microsoft Teams)

    250+ native integrations; automatic conversation and customer data sync

    // What to watch

    • HIPAA is NOT automatic—customers must explicitly notify Aircall and execute a separate Business Associate Agreement before processing PHI. Homepage marketing lists 'HIPAA' but fine print reveals BAA requirement. Fair practice, but homepage could be clearer.
    • AI governance certifications (ISO 42001, CSA STAR Registry) are not held or promoted despite AI-centric product. This is normal for most vendors but worth noting for AI-specific compliance evaluation.
    • AI training posture is strong (no third-party training, customer opt-out for analytics) but should be verified in customer contracts before deployment.
    • Data Privacy Framework compliance claimed but now suspended (effective July 2024); however, SCCs provide lawful basis. Advise customers to verify Aircall's GDPR transfer mechanism at contract signature.

    // At a glance

    Pricing model

    Subscription-based (pay-per-user or per-minute); tiered by feature set and volume

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Aircall.Io, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    aircall.io

    > Browse all vendor trust reports