Security Overview

Last updated: April 1, 2026  ·  Callshu Inc., Toronto, Ontario, Canada

Callshu is built with security as a core requirement, not an afterthought. This page describes the technical and organizational measures we use to protect your data and your employees' data.

Encryption

Data in Transit

All connections between your browser and Callshu, and between Callshu and its sub-processors, are encrypted using TLS (HTTPS). No data is transmitted in plaintext.

Data at Rest

Our database is hosted on Railway's managed PostgreSQL infrastructure, which provides encryption at rest for all stored data. Passwords are never stored in plaintext — they are hashed using bcrypt with a cost factor of 12.

Authentication & Access Control

User Authentication

Callshu uses JWT (JSON Web Tokens) with token versioning for session management. Token versioning allows immediate invalidation of all sessions when a password is changed or an account is compromised. Email verification is required at registration.

Rate Limiting

Authentication endpoints (login, registration, password reset) are rate-limited to 10 attempts per 15 minutes per IP address. General API endpoints are rate-limited to 200 requests per minute per IP address. Preview calls (used to hear what employees will hear) are limited to 5 per 15 minutes to manage telecommunications costs.

Access Controls

Access to production systems and customer data is restricted to authorized personnel with a legitimate need to know. Administrative functions require a separate privilege level enforced at the database level. All administrative actions are recorded in the audit log.

Webhook & API Security

Twilio Webhook Validation

All incoming webhooks from Twilio are cryptographically validated using Twilio's request signature verification. Requests that fail validation are rejected. This prevents attackers from spoofing webhook requests.

Input Validation

All user inputs are validated and sanitized on the server side. Request body sizes are limited. HTML content in emails is escaped to prevent injection attacks.

Consent & Compliance

Employee Consent Management

Callshu enforces consent at multiple levels: an SMS opt-in is sent to every employee before they can be called; consent status is verified at campaign creation and again immediately before each individual call; employees can opt out at any time by replying STOP; and a complete audit trail is maintained for every consent event.

Account Approval

Every Callshu account is manually reviewed before activation. No automated self-serve access is granted. This ensures that only legitimate businesses with real employment relationships use the platform.

Monitoring & Audit

Audit Logging

Callshu maintains comprehensive audit logs of account activity, including logins, configuration changes, campaign actions, consent events, and administrative operations. Audit logs are retained for up to 2 years and are available to administrators via the dashboard. Weekly audit reports are generated automatically every Monday and delivered by email to the Callshu operations team, including a full CSV and PDF of all audit events from the prior week.

Error Monitoring

Application errors are tracked using Sentry (when enabled), which by design captures error reports and request metadata without collecting personally identifiable information.

Infrastructure

Hosting

The Callshu backend and database are hosted on Railway's managed infrastructure in the United States. The frontend is hosted on Netlify's global CDN. Both providers maintain their own security certifications and compliance programs.

Telecommunications

All phone calls and SMS messages are routed through Twilio, a publicly traded telecommunications provider (NYSE: TWLO) with SOC 2 Type II certification, ISO 27001 certification, and HIPAA compliance capabilities.

Incident Response

Callshu maintains internal incident response procedures. In the event of a security incident that affects customer data, we will notify affected customers within 72 hours and provide details about the nature of the incident, the data affected, and the remediation steps being taken. For full details, see our Privacy Policy (Section 10).

No Call Recording

Callshu does not record calls. Call audio is processed in real time by Twilio for speech delivery and keypress detection only. No audio recordings are created, stored, or retained.

Questions

If you have security-related questions or need to report a vulnerability, contact us at support@callshu.com.