Your Data Stays Yours. Period.
Built for ISPs who handle CPNI and subscriber data every day. We take security as seriously as you do.
How Your Data Flows
Multi-tenant architecture with customer-isolated data stores. Encryption at every boundary.
Your VoIP System
VoIP.ms, Atheral, SIP
QueSee Processing
US / EU Data Centers, VPC Isolated
Encrypted Storage
Encrypted Storage, Tenant Isolated
Diagram is illustrative. Full technical architecture documentation available upon request for Enterprise evaluations.
Enterprise-Grade Security. ISP-Specific Compliance.
Encryption
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption in transit for all data transfers
- Cloud-native secrets management with encrypted credential storage
- Dedicated encryption controls (Enterprise)
- Encryption in transit (TLS 1.3) and at rest (AES-256) across the entire pipeline
Access Controls
- Role-based access control (RBAC) with granular permissions
- Multi-factor authentication (MFA) available for all users
- SSO via Google and Microsoft - your team signs in with accounts they already have. SAML for Okta/Azure AD on the Enterprise roadmap.
- Session management with configurable timeouts and forced logout
- Centralized audit logging of security events (30-day retention)
CPNI & Data Handling
- Supports your FCC CPNI (Customer Proprietary Network Information) compliance
- Strict tenant isolation - no data commingling between customers
- US and EU data residency available - you choose your region
- Data retained per your policy, fully exportable in standard formats
- Data deleted within 30 days of contract termination
- PII suppression rules configurable per scorecard
Infrastructure
- Hosted on enterprise-grade cloud infrastructure with US and EU data center options
- 99% uptime target
- DDoS protection and traffic filtering built into our cloud infrastructure
- Built for high availability with redundant infrastructure across regions
- VPC isolation and network segmentation with private service connectivity
Single Sign-On & Access Management
No separate credentials. Your team signs in with Google or Microsoft accounts they already have.
Supported Identity Providers
Essential Plan
SSO (Google/Microsoft) + MFA. Your team signs in with accounts they already have.
Pro Plan
PopularSSO (Google/Microsoft) + MFA. One-click login through accounts your team already uses. JIT (Just-In-Time) user provisioning supported.
Enterprise Plan
SSO via Google and Microsoft + MFA + SAML on roadmap. Dedicated encryption controls.
Security Features by Plan
Every plan includes enterprise-grade encryption, MFA, and SSO. Higher tiers unlock dedicated controls and advanced audit logging.
| Security Feature | Essential$70/agent/mo | ProPopular$120/agent/mo | EnterpriseCustom |
|---|---|---|---|
| Enterprise-Grade Security Controls | |||
| AES-256 Encryption (at rest + in transit) | |||
| Multi-Factor Authentication (MFA) | |||
| Role-Based Access Control (RBAC) | |||
| Standard Audit Logging | |||
| SSO (Google/Microsoft) | |||
| Advanced Audit Logs (extended retention, export) | — | ||
| Custom Data Retention Policies | — | ||
| Dedicated Encryption Controls | — | — | |
| Dedicated Instance Option | — | — | |
| Data Residency | US | US | US & EU |
| Custom DPA | — | — | |
| Business Associate Agreement (BAA) | — | — |
Subprocessor Disclosure
Full transparency on who handles your data and why. We notify customers 30 days before adding new subprocessors.
Zero data retention for call audio.
Call audio is analyzed in isolated infrastructure in your region (US or EU), then the model discards it - it's never stored, and our analysis provider runs with zero data retention. The insights we generate are kept in your QueSee environment for the term of your subscription.
Your Data Stays Where You Choose
We offer both US and EU data residency. You choose your region, and your data is processed and stored there - it doesn't move between regions.
| Subprocessor | Purpose | Data Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure (managed database hosting) | United States |
| Google Cloud Platform | Cloud hosting, compute, storage, and AI services | United States |
| MongoDB Atlas | Database hosting (insights and subscriber profiles) | United States |
| Firebase (Google) | Authentication | United States |
| Vercel | Frontend application hosting | United States |
| Anthropic | Engineering support tooling (no model training) | United States |
| PostHog | Product analytics and session replay | United States |
| Formspree | Contact form processing | United States |
This list covers key subprocessors. A complete, regularly updated subprocessor list is available upon request. Contact security@quesee.ai for the full list.
Rolling Out QueSee to Your Team?
Here's what your agents need to know. Share this with your team before rollout.
No new recordings
QueSee analyzes call recordings you already have. It doesn't record anything new or add any monitoring software to agent workstations.
Agents see their own data
Agents can see their own scores, coaching insights, and performance trends. It's a coaching tool, not a surveillance tool.
Controlled visibility
Individual agent data is visible to authorized managers only - not broadcast to the whole company. Permissions are role-based.
Coaching, not punishment
The purpose is coaching and continuous improvement, not surveillance or punitive action. We recommend transparent rollout communication.
“Introducing QueSee to Your Team” One-Pager
A ready-to-share document explaining what QueSee does, what agents can see, and how their data is handled.
Security & Compliance FAQ
Answers to the questions your IT and security teams will ask.
What security controls does QueSee have in place?
Where is my data stored?
Do humans access my call recordings?
How do you handle CPNI?
Can I submit a security questionnaire?
What's the uptime SLA?
Can I export my data if we leave?
Do you support SSO?
What subprocessors do you use?
Is a BAA or custom DPA available?
Can I run my own penetration test against QueSee?
Security-First. ISP-Built. Ready for Your Review.
14-day free trial. No credit card. Enterprise-grade security controls. CPNI aware. Your security team will thank you.