Security Features of Callpilot

Secure Coding Practices:

  • Code Repository Security: All code is securely stored on GitLab, ensuring controlled access and version control.
  • Input Validation: Inputs are meticulously validated to uphold data integrity, mitigating potential vulnerabilities.
  • XSS Attack Prevention: User inputs are HTML encoded to thwart Cross-Site Scripting (XSS) attacks, leveraging web framework tools.
  • Zero Code Warnings: Striving for code excellence, Callpilot maintains a zero-tolerance policy towards code warnings.
  • Configuration Management: Configuration, secrets, and passwords are segregated per environment, enhancing security.
  • Secret Management: Secrets are stored in Azure Key Vault with restricted access and are accessible only through Managed Identities, which provide passwordless authentication.
  • Data Protection: Sensitive data is encrypted using RSA keys with a size of 2048 bits, ensuring confidentiality.
  • Authorization Policies: Access to resources is regulated through authorization access policies, controlling permissions.
  • Role-Based Access Control (RBAC): Azure resource access is restricted using RBAC, limiting privileges based on roles.
  • Code Review Process: All new code additions undergo a stringent review process, requiring at least one other developer's approval via pull request before merging.

Deployment Security Practices:

  • Limited Administrator Access: Only a restricted subset of employees is designated as administrators, minimizing potential security risks.
  • Sandbox Environment: Isolated testing environments, mirroring production but with redacted values, are utilized for rigorous testing.
  • Staging Slots: Staging slots are employed during deployment to minimize downtime and ensure smooth transitions.
  • Deployment Approval: Deployment to higher environments necessitates approval, maintaining control over system changes.
  • Azure Deployment Pipeline: Code deployments are managed through an Azure Deployment pipeline, with restricted access to authorized personnel.
  • Automated Secrets Management: Passwords and secrets are managed through automated processes wherever necessary, reducing manual errors and enhancing security.
  • Patch Management: Platform-as-a-Service (PaaS) services are utilized to promptly apply security patches, mitigating vulnerabilities.
  • Package Verification: External packages undergo thorough verification before integration, mitigating risks associated with third-party dependencies.
  • Static Code Analysis: Static analysis tools such as CodeSonar are planned for use, to identify and mitigate known security risks in code and external packages.

Multitenancy:

  • Tenant-Specific Data Organization: User data is logically organized by Tenant ID, with all queries automatically including this identifier using our custom framework, eliminating reliance on developers to include it.
  • Tenant-Specific Containerization: Survey videos are stored in separate containers for each tenant, ensuring data isolation and security between tenants.
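
The tenant-scoping idea in the first Multitenancy item, as an added sketch that is not Callpilot's framework: the class name `TenantScopedDb`, the `surveys` table and its columns are hypothetical, and SQLite stands in for the real data store. The tenant ID is bound once per request and appended to every statement, so calling code can neither omit nor override it.

```python
import sqlite3


class TenantScopedDb:
    """Hypothetical data-access wrapper: every statement is filtered by the
    tenant ID bound at construction (e.g. from the authenticated session)."""

    # Allow-list of tables and the columns callers may read, write or filter on.
    # tenant_id is deliberately absent: only the wrapper may supply it.
    TABLES = {"surveys": ("id", "title")}

    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant_id = tenant_id

    def _check(self, table, columns):
        allowed = self.TABLES[table]  # KeyError for a table not on the allow-list
        bad = set(columns) - set(allowed)
        if bad:
            raise ValueError(f"column(s) not permitted: {sorted(bad)}")

    def insert(self, table, **values):
        self._check(table, values)
        cols = list(values) + ["tenant_id"]
        marks = ", ".join("?" * len(cols))
        sql = f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({marks})"
        self._conn.execute(sql, [*values.values(), self._tenant_id])

    def select(self, table, **filters):
        self._check(table, filters)
        # The tenant predicate is always the last AND term, never optional.
        where = " AND ".join([f"{c} = ?" for c in filters] + ["tenant_id = ?"])
        sql = f"SELECT {', '.join(self.TABLES[table])} FROM {table} WHERE {where}"
        return self._conn.execute(sql, [*filters.values(), self._tenant_id]).fetchall()


def demo():
    """Constructed sample data: two tenants sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE surveys (id INTEGER, title TEXT, tenant_id TEXT NOT NULL)")
    a, b = TenantScopedDb(conn, "tenant-a"), TenantScopedDb(conn, "tenant-b")
    a.insert("surveys", id=1, title="Onboarding")
    b.insert("surveys", id=1, title="Exit interview")
    try:
        b.select("surveys", tenant_id="tenant-a")  # attempt to widen the scope
        override_blocked = False
    except ValueError:
        override_blocked = True
    return a.select("surveys"), b.select("surveys", id=1), override_blocked
```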