Back to home

Trust

Security at Ola AI

Last updated: May 12, 2026

Real estate teams trust Ola AI with sensitive lead and client data. We treat that trust as a core product requirement. This page summarizes the controls that protect your data, your calls, and your integrations.

Infrastructure

  • Hosted on SOC 2-audited cloud providers across global regions worldwide.
  • Production environments isolated from development and staging.
  • Infrastructure managed as code with peer review on every change.
  • Automated backups with point-in-time recovery for critical databases.

Encryption

  • Data in transit is encrypted with TLS 1.2+ across the website, dashboard, APIs, and telephony links.
  • Data at rest is encrypted with AES-256.
  • Secrets and API keys are stored in a managed secrets vault with least-privilege access.

Access controls

  • Role-based access in the dashboard with admin, agent, and read-only roles.
  • SSO and 2FA available on Professional and Enterprise plans.
  • Internal access to production data is restricted, logged, and reviewed quarterly.

Calls and recordings

  • The agent plays an opening disclosure that the call is recorded and handled by AI.
  • Recordings and transcripts are stored encrypted, scoped to your workspace, and retained for the period configured in your settings (default 12 months).
  • You can delete or export call data at any time from the dashboard.

Application security

  • Mandatory code review and automated tests on every change.
  • Dependency and container scanning in CI; critical vulnerabilities patched on a defined SLA.
  • Annual third-party penetration testing with remediation tracked to closure.
  • Public vulnerability disclosure inbox: info@creomind.ai.

Monitoring and incident response

  • 24/7 monitoring of availability, error rates, and security signals.
  • Documented incident response plan with on-call rotation.
  • Customers are notified of confirmed incidents affecting their data without undue delay.

Privacy and compliance

  • GDPR- and CCPA-aligned data subject request workflow.
  • Data Processing Agreement available on request.
  • Subprocessor list maintained and shared with Enterprise customers.
  • SOC 2 Type II report in progress; available under NDA when complete.

Your responsibilities

  • Use strong, unique passwords and enable 2FA on your account.
  • Limit dashboard access to teammates who need it, and remove access promptly when they leave.
  • Configure call disclosures to comply with the laws that apply to you and your callers.

Reporting a security issue

If you believe you have found a vulnerability or have a security concern, please email info@creomind.ai with details. We will acknowledge your report within two business days.

Questions? Email info@creomind.ai.