// Trust & Security Report
Aircall.Io, Inc.
Cloud-based AI-powered customer communications platform with unified voice, SMS, and messaging. Features AI agents for 24/7 customer coverage, AI assistants for real-time coaching and automation, call center management, integrations with 250+ business tools (Salesforce, HubSpot, Zendesk, etc.), and healthcare-specific compliance (HIPAA BAA available).
Certifications held
9
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on aircall.io“SOC 2, Type II standards or its equivalent through independent, qualified third-party auditors. Aircall conducts at least annual audits.”
Verify on aircall.io“Aircall's security program is aligned with ISO 27001 and SOC II standards. Aircall hosts Personal Data primarily in AWS data centers that have been certified as ISO 27001... compliant.”
Verify on aircall.io“GDPR applies to the Processing of Personal Data if and to the extent conditions set forth by Art. 3 of the GDPR are fulfilled. Aircall is certified under the EU-U.S. Data Privacy Framework.”
Verify on aircall.io“For covered entities or business associates under HIPAA who plan to process protected health information (PHI), Aircall offers customers the opportunity to enter into a Business Associate Agreement. Designed to safeguard PHI disclosed pursuant to a business associate agreement in line with HIPAA Privacy and Security Rules.”
Verify on aircall.io“NIST – Framework implementation (referenced as security standard alignment)”
> Show 2 unconfirmed / not-held certifications
No public evidence of ISO/IEC 42001 certification on vendor domain, despite AI-powered product features.
No public evidence of Cloud Security Alliance STAR Registry membership (CSA CAIQ Level 1 achieved, but STAR Registry not mentioned).
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Primary locations: US (Oregon), EU (Frankfurt), Australia (Sydney). Data Privacy Framework certified for EU-US transfers. Uses Standard Contractual Clauses for non-adequate jurisdictions. Secondary transfers to India noted.
Aircall does NOT use customer call data or recordings to train third-party AI models. However, product improvement analytics (transcriptions, usage patterns) are available for processing on customer data with express opt-out capability. Call recordings are anonymized (PII removed) before any AI analysis. Customers can opt out of analytics processing.
// Security controls
Encryption in Transit
TLS 1.2 (minimum) for all data transfers; TLS/SRTP for voice communications
aircall.ioAuthentication
Two-Factor Authentication (2FA) available; SAML/SSO support for enterprise customers
aircall.ioAccess Control
Role-based access control (RBAC); block numbers functionality; audit trails for data access
aircall.ioTesting & Audit
Annual SOC 2 Type II audits; regular third-party penetration testing; active bug bounty program
aircall.ioEmployee Security
Background checks required; NDAs for all employees; annual security and privacy training on onboarding
aircall.ioInfrastructure
Hosted on AWS with 99.95% uptime guarantee; multiple availability zones for redundancy; regular backups across AZs
aircall.io// Products & data scope
data: Call recordings, SMS, messages, customer metadata, CRM sync
Traditional phone system with human agent leadership; modern, cloud-based; HIPAA BAA available on request
data: Real-time call transcription, sentiment analysis, coaching suggestions, automated CRM updates
Live coaching during calls; call transcription/analysis; automated follow-ups. PII removed before any AI processing. Customer opt-out available for product improvement analytics.
data: Call intent identification, autonomous resolution, escalations with context
24/7 coverage; handles routine inquiries; escalates complex issues to humans. Does not train on customer data for third-party AI models.
data: CRM (Salesforce, HubSpot), ticketing (Zendesk), e-commerce (Shopify), business tools (Monday.com, Pipedrive, Microsoft Teams)
250+ native integrations; automatic conversation and customer data sync
// What to watch
- HIPAA is NOT automatic—customers must explicitly notify Aircall and execute a separate Business Associate Agreement before processing PHI. Homepage marketing lists 'HIPAA' but fine print reveals BAA requirement. Fair practice, but homepage could be clearer.
- AI governance certifications (ISO 42001, CSA STAR Registry) are not held or promoted despite AI-centric product. This is normal for most vendors but worth noting for AI-specific compliance evaluation.
- AI training posture is strong (no third-party training, customer opt-out for analytics) but should be verified in customer contracts before deployment.
- Data Privacy Framework compliance claimed but now suspended (effective July 2024); however, SCCs provide lawful basis. Advise customers to verify Aircall's GDPR transfer mechanism at contract signature.
// At a glance
Pricing model
Subscription-based (pay-per-user or per-minute); tiered by feature set and volume
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Aircall.Io, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
aircall.io