Security & Data Protection

Your data security is our priority. Transparent disclosure of current measures and future roadmap.

Enterprise-Grade Security

Transparency Commitment

We believe in honest disclosure. This page details our current security implementation, measures in progress, and our roadmap for achieving industry-leading certifications. We prioritize transparency over marketing claims.

Current Security Measures

Dimora AI implements multiple layers of security to protect your data:

Infrastructure Security

Enterprise-Grade Hosting

Active

Hosted on enterprise cloud providers with built-in security, physical security controls, and 24/7 monitoring

SSL/TLS Encryption

Active

HTTPS with TLS 1.3 encryption for all web traffic and API communications

API Authentication

Active

Secure API authentication and authorization for all integrations

Secure Infrastructure

Active

Cloud infrastructure with physical security, redundancy, and disaster recovery

Data Encryption

Encryption in Transit

Active

TLS 1.3 encryption for all data transmission between systems and clients

Encryption at Rest

Active

Provider-managed encryption (AES-256 standard) for all stored data

Call Audio Encryption

Active

End-to-end encryption during transmission of voice call data

Credential Storage

Active

Encrypted storage of API keys and integration credentials

Access Control

Two-Factor Authentication

Active

2FA enabled on all administrative and team accounts

Limited Team Access

Active

Only 2 authorized personnel have access to production systems

Role-Based Access Control

Active

Granular permissions based on job function and necessity

Strong Password Requirements

Active

Enforced password complexity and rotation policies

Access Reviews

Active

Regular quarterly reviews of system access logs and permissions

Data Backups

Daily Automated Backups

Active

Client configuration and property data backed up daily

Call Metadata Storage

Active

Redundant storage of call metadata by third-party providers

Version-Controlled Backups

Active

Property information stored with version history

Recovery Procedures

Active

Documented data recovery processes for disaster scenarios

Security Roadmap

We are actively working toward industry-leading security certifications and best practices:

In Progress (2025 Q1-Q2)

SOC 2 Type II Compliance

Q2 2025

Third-party audit and certification for security, availability, processing integrity, confidentiality, and privacy

Third-Party Security Audit

Q1 2025

Independent security assessment by certified auditors

Incident Response Plan

Q1 2025

Formal documentation of security incident response procedures

Security Awareness Training

Q2 2025

Ongoing security training program for all team members

Planned (2025-2026)

Annual Penetration Testing

Q3 2025

Regular third-party penetration testing to identify vulnerabilities

Bug Bounty Program

Q4 2025

Public bug bounty program for responsible vulnerability disclosure

Enhanced Monitoring

Q3 2025

Advanced security information and event management (SIEM) system

Dedicated Security Operations

2026

Full-time security operations team for proactive threat detection

ISO 27001 Certification

2026

International standard for information security management systems

Compliance Standards

CCPA

California Consumer Privacy Act

Compliant

Fully compliant with California privacy regulations. Comprehensive data protection for California residents.


GDPR

General Data Protection Regulation

In Development

GDPR compliance measures in active development. Applying GDPR principles for all users while working toward full certification.


Industry Best Practices

Security & Privacy Standards

Active

Following OWASP, NIST, and industry-standard security frameworks.

Call Recording Laws

Federal & State Regulations

Compliant

Service designed to comply with federal and state call recording consent requirements. Client responsible for jurisdiction-specific compliance.

Incident Response

In the event of a security incident, we follow strict protocols:

1. Detection & Containment

24/7 monitoring of critical systems with immediate escalation procedures

2. Assessment & Investigation

Rapid assessment of incident scope, affected data, and potential impact

3. Notification

Breach notification to affected parties within 72 hours, as required by law

4. Communication

Transparent communication via email to all potentially affected clients

5. Remediation

Immediate remediation of vulnerabilities and security gaps

6. Post-Incident Analysis

Comprehensive analysis and implementation of preventative measures

Report a Security Concern: If you discover a potential security vulnerability, please report it immediately to security@dimora.ai. We take all reports seriously and respond promptly.

Third-Party Security

We carefully vet all third-party service providers and require strict security standards:

Security Vetting

All providers undergo security assessment before integration

Data Processing Agreements

Contractual DPAs in place with all data processors

Regular Reviews

Quarterly reviews of provider security practices and compliance status

Certifications Required

Preference for providers with SOC 2, ISO 27001, or equivalent certifications

Limited Data Access

Providers have access only to data necessary for their specific function

Our Key Third-Party Providers

We work with industry-leading providers who maintain enterprise-grade security:

  • Cloud Infrastructure Providers: Enterprise hosting with physical security, SOC 2 compliance, and 99.9% uptime SLA. US-based data centers with redundancy and disaster recovery.
  • Voice AI Platform: End-to-end encrypted voice processing with ISO certifications and GDPR compliance. SOC 2 certified with enterprise-grade security.
  • Database Services: AES-256 encryption at rest, TLS 1.3 in transit, with automated backups and SOC 2 Type II certification.
  • Workflow Automation Services: Secure workflow processing with ISO 27001 certification and encrypted API connections.
  • Communication Services: GDPR-compliant email and notification delivery with enterprise SLA guarantees and data processing agreements.

Detailed Sub-Processor Information: Specific vendor names, locations, and individual certifications are provided in our Data Processing Addendum during client onboarding and are subject to confidentiality agreements.

For enterprise security inquiries or DPA requests: security@dimora.ai

Your Data Protection

You Own Your Data

All property data, call recordings, guest information, and analytics belong to you. We process your data solely to provide the Service and never use it for any other purpose without your explicit consent.

Data Isolation

Complete separation of client data—no cross-contamination between accounts

Secure Deletion

All data securely deleted within 30 days of account termination

Data Export

Export your data anytime in standard formats (JSON, CSV)

No Data Selling

We never sell, rent, or share your data with third parties for marketing

Anonymized Analytics

Aggregate, anonymized data used only to improve AI performance

Security Best Practices for Clients

Help us keep your data secure by following these best practices:

Use Strong Passwords

Create unique, complex passwords for your Dimora AI account (minimum 12 characters, mix of letters, numbers, symbols)

Enable Two-Factor Authentication

Activate 2FA on your account and any integrated services (Guesty, Gmail, etc.)

Secure Your API Keys

Store API keys securely, never share them publicly, and rotate them regularly

Review Access Logs

Regularly review account activity logs for suspicious behavior

Limit Team Access

Grant access only to team members who need it, and revoke access when employees leave

Report Suspicious Activity

Immediately report any unusual account activity to security@dimora.ai

Our Transparency Commitment

We believe security requires honesty, not just marketing claims:

Honest Disclosure

We clearly state what security measures are in place today versus what's planned for the future

Incident Communication

In the event of a security incident, we will communicate transparently about what happened, what data was affected, and what we're doing to prevent recurrence

Regular Updates

We will update this page as we achieve new certifications and implement additional security measures

Open to Questions

We welcome security inquiries from clients, auditors, and security researchers

Contact Our Security Team

Have questions about our security practices or want to report a vulnerability?

Security Inquiries

security@dimora.ai

General security questions, compliance inquiries, or security documentation requests

Report a Vulnerability

security@dimora.ai

Responsible disclosure of security vulnerabilities (please do not publicly disclose until we've had a chance to address the issue)

Bug Bounty Program

Coming Q4 2025 - Details to be announced

Questions About Our Security?

We're here to answer your questions and provide additional documentation.
