Security and compliancedesigned in, not bolted on
Consent, audit, escalation, and access controls designed into every communication workflow.
Trust controls built into every workflow
Security features available across all plans, configurable for your deployment
Consent & opt-out
Every inbound and outbound SMS and call records consent state, opt-outs, source, timestamp, and agent overrides in a tamper-evident ledger.
Tamper-evident audit events
Audit events track who accessed transcripts, exported data, or changed flows. Structured logs are exportable to your SIEM or compliance review system.
A2P / TCPA support
Guided A2P registration workflow with STOP/HELP handling, opt-out enforcement, and campaign status tracking designed to support A2P program compliance.
HIPAA-ready deployment
Deployment patterns, access controls, and workflow configuration available with BAA and a compliance configuration review. Not a toggle — requires setup and review.
Data boundaries & retention
Configurable data TTL per channel. Define what is stored, for how long, and export or delete on request. Supports data minimization practices.
Role-based access control
Four roles: Admin, Operator, Viewer, and Compliance Reviewer. Each has scoped permissions to conversations, exports, flow edits, and audit logs.
Human escalation paths
Configurable escalation rules route conversations to human agents based on topic, sentiment signal, or explicit escalation request. No dead ends.
AI safety controls
QotBot responds only from approved knowledge. Fallback and refusal rules prevent out-of-scope responses. Prompt versions are logged with each conversation.
Compliance posture
Controls are designed and configured — not automatically certified. Status reflects our design intent and available review process.
SOC 2-aligned security controls; report available for enterprise review upon request.
HIPAA-ready deployment patterns available with BAA and a configuration review. Requires setup.
Privacy and data-handling controls designed to support GDPR-oriented requirements.
Consent, STOP/HELP, and opt-out workflows designed to support A2P program compliance requirements.
QotBot does not claim certification status that has not been independently verified. Enterprise customers may request security documentation for their own compliance reviews.
Deployment options
Choose the deployment model that fits your compliance requirements
Shared cloud
Standard deployment on Cloudain-managed infrastructure. Suitable for most SMB and commercial use cases.
Dedicated tenancy
Dedicated environment with isolated storage and compute. Available for enterprise and regulated-industry customers.
Custom deployment review
For healthcare, financial services, and government — work with our team to configure HIPAA-ready or jurisdiction-specific deployment.
Request security documentation
SOC 2-aligned controls summary, security policies, and BAA review available for enterprise customers upon request.