Siro Blog

Siro’s Security Posture and SOC 2 Journey

April 29, 2025

Your Data, Our Priority: Siro’s Security Posture and SOC 2 Compliance

TL;DR:
  • Siro has achieved SOC 2 Type 1 compliance, with Type 2 in progress, demonstrating our commitment to top-tier security standards.
  • Your data is stored securely on Google Cloud (Central U.S. region), encrypted at rest and in transit, with robust backup and redundancy systems.
  • We don’t sell or share your data – it's used only to provide and improve your experience within your private Siro environment.
  • Siro includes built-in redaction tools and access controls, ensuring sensitive info stays protected and access is limited to the right people.
  • You have full control of your data: we offer data deletion on request and make it easy to export your recordings and transcripts.

We know data security is a top concern when you’re considering Siro. You’re trusting us with sensitive recordings of your sales conversations, and you deserve straight answers about how we protect that data. 

In this post, we’ll explain where we stand with security today – including our recent SOC 2 Type 1 compliance milestone – and answer the most common questions we hear about data storage, privacy, and protection.

SOC 2 Type 1 vs. Type 2: What’s the Difference?

One of the biggest steps we’ve taken is achieving SOC 2 Type 1 compliance. There are two levels of SOC 2 compliance: Type 1 and Type 2.

  • SOC 2 Type 1 verifies that we have the right security controls and processes in place at a specific point in time. An independent auditor reviewed Siro’s policies, procedures, and systems and confirmed that our controls (for things like data handling, access, and risk management) are properly designed.

  • SOC 2 Type 2 goes a step further. It evaluates how well those security controls actually work over a period of time (usually several months). In a Type 2 audit, an auditor doesn’t just check that we have security measures; they verify that we consistently follow them in day-to-day operations.

Why does this matter? It means Siro is not only saying we take security seriously – we’ve had a third-party auditor put us under the microscope to prove it. Achieving Type 1 compliance is a significant milestone for us as a growing company, and it paves the way for the more rigorous Type 2 certification. In fact, we’re already hard at work on the SOC 2 Type 2 audit process. Our goal is to reach full SOC 2 Type 2 compliance as soon as possible, demonstrating that our security controls aren’t just documented, but are actively working day in and day out.

Where Are My Recordings Stored?

Your recordings are stored securely in the cloud – specifically on Google Cloud Platform’s central US region servers with enterprise-grade security. We chose Google Cloud as our hosting partner because of its robust security and reliability. Your data isn’t sitting on a rep’s phone or a local server in someone’s closet; it’s in a world-class data center with 24/7 security staff, biometric locks, and redundant systems to protect against outages.

A few key points about storage:

  • Geographically Central & Secure: Keeping data in Google’s central region (U.S.) means low latency across the country and a controlled environment for data residency. This single-region approach also makes it easier to manage and protect (no data scattered all over the globe). Google’s data centers meet strict industry standards (like ISO 27001 and others), so we inherit a strong base of security certifications just by hosting there.

  • Encrypted at Rest and in Transit: All Siro recordings and transcriptions are encrypted when stored in our databases (so if someone somehow got the raw files, they’d be gibberish without the decryption keys). Likewise, any time you access Siro – say, when the app on your phone uploads a recording or you play back a conversation in the web dashboard – that data is encrypted while it travels over the internet. We use modern encryption protocols (TLS/SSL for data in transit) to ensure no eavesdroppers can listen in.

  • Backups and Redundancy: We regularly back up your data within our secure cloud environment. This means that even if there were an incident like hardware failure, your recordings would remain safe and retrievable. Backups are encrypted and protected with the same rigor. (And if you ever need us to delete data, we have processes to delete those backups as well – more on deletion below.)

The bottom line is your recordings are stored in a secure, central cloud repository that’s protected to the highest standards. We’ve taken great care to ensure that from the moment a conversation is recorded, it’s handled safely and only stored in environments we trust.

What Do You Do With My Data? Does Your AI Use It?

This is a great question, and one we love answering because it hits at the heart of trust. In short: We use your data only to improve your experience with Siro – and nothing else. It’s your data, and we treat it that way. That means we do not sell your data, share your recordings with third parties, or use your content to train some global AI model that benefits others.

Here’s exactly how we handle your data and our AI:

  • Service Delivery: We use your recordings and transcripts to provide Siro’s core functionality to you. That includes things like transcribing your sales meetings, analyzing conversations for coaching insights, and generating the AI-powered feedback and analytics that add value for your team. All of this happens within your own secure instance of Siro.

  • No Sharing or Selling: We want to be crystal clear – we do not share your data with any third parties except as needed to provide the service (for example, our speech-to-text provider, who is under strict contracts, can only use the data for transcription and is held to the highest standards of security with SOC 2 certifications). And we absolutely never sell customer data. Your trust means more to us than any short-term gain. Our business model is providing a great software service, not monetizing your information.

  • Anonymized Aggregates (Internal Improvements): The only time data might leave your individual silo is in an anonymized, aggregated form to help us improve Siro overall. For instance, we might look at aggregated statistics like “percent of calls that mention a certain keyword” across all users to fine-tune our transcription accuracy or AI coaching algorithms. But those aggregates contain no personal or identifiable information – they are just numbers that help make the product better for everyone. And even this is handled carefully under our security controls. We primarily focus on improving each customer’s experience with their own data.

To put it simply, your data is used to help you, full stop. 

Do You Redact Information? What Are Your Permissioning and Access Controls?

Yes – we understand that within your recordings there may be sensitive information (like customers’ personal details, payment info, or anything confidential), and not everyone in your organization should have the same level of access. Siro offers tools for both automatic data redaction and robust permission controls to keep sensitive info under wraps.

Data Redaction: We’ve built automatic redaction capabilities into Siro’s transcription and analytics process. This means our system can detect certain types of sensitive data – for example, credit card numbers, phone numbers, emails, or other personally identifiable information – and redact them from transcripts and audio where appropriate. You might see a transcript line in Siro that shows **** or a placeholder instead of the actual credit card number that was spoken. The goal is to prevent sensitive personal data from ever being exposed or stored in plain text. Redaction helps protect privacy for your customers and your business, reducing risk if someone were to access a transcript.

Permissioning & Access Controls: Siro gives you granular control over who can access recordings and data within your team. In Siro, you can define user roles and set permissions accordingly. For example:

  • Sales reps might only be able to view and play back their own recordings (and perhaps a library of best-practice calls shared by managers), but not everyone else’s.

  • Sales managers might have access to their team’s recordings for coaching purposes.

  • Admins or owners can have full access to all data, plus control over system settings.

These permission settings are flexible, so you can align Siro with your company’s policies. Need a custom setup? Our team can work with you to configure it properly.

In summary, we redact sensitive info to protect privacy, and we give you controls to limit access to your data. You decide who in your organization sees what, and our system is built to enforce those rules. We’ve got your back in keeping confidential information confidential.

Can You Delete Recordings If a Customer Asks You To?

Absolutely. You are in control of your data, and that includes the right to delete it. If at any point you need a recording (or any piece of data) deleted, we will delete it – no questions asked. We also have features that allow you to mark a conversation as private – in this instance, you can track that the conversation occurred, but remove the ability for the broader team to view the recording without deleting it for good. 

Our philosophy is that customer data belongs to the customer. If you decide to stop using Siro, you can request a full deletion of all your recordings and associated data from our systems. We have processes in place to ensure that when a deletion request is made, the data is securely removed from our live databases and any active storage. We also purge it from backups and archives in accordance with our retention policies, so it’s completely gone in a reasonable timeframe. In short, “delete means delete” with Siro – we won’t hold onto data that you’ve asked us to remove.

Between our redaction features, permission controls, and deletion support, we aim to give you full sovereignty over your data. From creation to storage to deletion, you call the shots. Our role is to safeguard the data and respect your decisions about it at every stage.

Final Thoughts: Earning Your Trust Every Day

Security and privacy aren’t one-time achievements – they are an ongoing commitment. Achieving SOC 2 Type 1 compliance is an exciting milestone for Siro, but it’s just one step on our journey. We’re using it as a springboard toward SOC 2 Type 2 and continuously strengthening our security posture. Our customers (you) can expect us to keep raising the bar on data protection as we grow.

Siro is the intelligence platform for in-person sales, and secure data is what makes intelligence possible. Our customers trust us to help them see what’s really happening in the field, and they count on us to protect every second of that insight.

Best,
Jake Cronin & Joseph Jordan
Co-CEOs, Siro.ai