Trust & security

How SectorScript AI handles your data

This page is maintained by the SectorScript AI team to answer the security, privacy and compliance questions UK telecoms sales teams ask before they buy. It describes the controls that are live in the product today, it is not a third-party certification.

UK-hosted data

Customer data is processed and stored in UK or EU data centres operated by our infrastructure provider. We don't replicate live data outside the region without explicit agreement.

GDPR alignment

We operate as a data processor under UK GDPR. A Data Processing Agreement (DPA) is available on request and signed as part of every paid contract.

TLS in transit

All traffic between your browser, our API and our AI providers is encrypted in transit using modern TLS. We do not accept unencrypted connections.

Encrypted at rest

Databases, call recordings and uploaded transcripts are encrypted at rest using industry-standard AES-256 disk encryption.

Role-based access (RBAC)

Workspaces support distinct roles for salesperson, manager, agency owner and admin. Sensitive operations such as exports and user management are gated by role.

Audit logs

Business

Every meaningful action, login, export, role change, integration change, data delete, is recorded to an immutable audit log visible to workspace admins.

SSO and SAML

Business / Enterprise

Single sign-on with Google Workspace and Microsoft 365, plus SAML 2.0 and SCIM provisioning for enterprise identity providers.

Configurable call-recording retention

Set per-workspace retention windows for uploaded calls and transcripts (30 / 90 / 180 / 365 days, or custom). Old recordings are purged automatically.

Consent capture

A configurable consent script and consent timestamp field is attached to every call record, so reps can confirm consent before recording and you have a defensible audit trail.

Data export

Workspace admins can export all prospects, calls, scripts, scorecards and outcomes to CSV at any time, with no lock-in.

Workspace delete

On cancellation or request, we delete the workspace and all associated personal data within 30 days, with sooner deletion available on request.

AI processing controls

AI calls run through the Lovable AI Gateway. We never use your raw calls, transcripts or scripts to train third-party foundation models. You can switch off optional AI features per workspace.

Anonymised benchmarks vs private workspace

Every workspace chooses how their data is used. The mode is set during onboarding and can be changed at any time in workspace settings.

Shared anonymised benchmark learning

Default

Uses de-identified performance patterns (objection frequency, talk-ratio bands, win rates by sector) to improve sector benchmarks and script recommendations. Never shares raw calls, identifiable data or your scripts.

Private workspace mode

Business / Enterprise

Your scripts, calls and outcomes stay completely private to your workspace. Nothing is fed into shared benchmarks. Recommended for larger teams, carriers and sensitive accounts.

Reporting a security issue

If you believe you've found a vulnerability, please email security@sectorscriptai.com with a description and reproduction steps. We aim to acknowledge within one working day.