Security
Built around your voice.
Voice data is some of the most sensitive data anyone can hand a service. Below is exactly how we protect yours, the threats specific to voice AI we account for, and what we are working toward.
Our security philosophy
We design KosherAgent around three principles:
- Minimize: collect the smallest amount of voice data needed to operate the service, and delete it on a published schedule.
- Isolate: assume any single component will be compromised eventually, and design so that a breach in one place cannot cascade.
- Be honest: never claim a certification we have not earned, never display a badge we cannot back with an artifact.
Encryption
- In transit: TLS 1.3 for control traffic. SRTP for live media (voice).
- At rest: AES-256 across all storage layers. Keys are rotated on a regular schedule and managed via a cloud Key Management Service.
- Database fields: additional field-level encryption for the most sensitive content (transcripts, contact data).
- Backups: encrypted at rest, separately keyed, geographically separated.
Network & application security
- DDoS & abuse protection at the edge. Per-caller rate limits on every public endpoint.
- Web Application Firewall in front of administrative interfaces.
- Isolated network segments — voice processing, customer data, and administrative tooling each run in separate trust zones with explicit allow-lists between them.
- Secure software development: code review on every change, automated dependency scanning, and secrets management to keep credentials out of source control.
- No customer data in logs. Operational logs are scrubbed of voice content and personally identifiable information before they leave the running system.
Authentication & access control
- Caller authentication: by phone number, then by voice biometric for enrolled household members. Sensitive actions require an additional spoken PIN.
- Internal access: mandatory multi-factor authentication on every employee account. No shared logins.
- Role-based access control (RBAC): least-privilege principle — engineers do not get production data access by default; access requests are time-bound and audit-logged.
- Session timeouts on all administrative tools; automatic device deauthorization after extended inactivity.
Voice-AI specific threats we account for
Voice AI has its own threat model that's different from a typical SaaS. We design for and test against:
- Voice cloning & impersonation: sensitive actions (changing account info, large purchases, password resets) require additional authentication beyond voice — a spoken PIN, callback verification, or step-up factor.
- Adversarial audio: hidden commands embedded in audio that humans can't hear. We filter the input audio band and reject signals outside human-speech ranges.
- Prompt injection: attempts to override the agent's instructions through what a caller says. We sandbox every user-supplied request behind a policy layer that the model can't override.
- Unintended recording: we never record outside the active call window. Recording starts at call answer and stops when the call ends.
- Cross-caller data leakage: household members on a shared phone line have isolated profiles; one user's calendar, reminders, and emails are not visible to another, even on the same account.
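An added illustration, not KosherAgent's own code, of how a policy layer outside the model can enforce the step-up, prompt-injection and profile-isolation rules listed above. The action names, factor names and the `Session`/`Proposed` types are hypothetical, and requiring the voice biometric for every action is an assumption of this sketch.

```python
from dataclasses import dataclass, field

# Constructed action names; the page names the categories, not identifiers.
ORDINARY = {"read_calendar", "add_reminder"}
SENSITIVE = {"change_account_info", "large_purchase", "password_reset"}
STEP_UP = {"spoken_pin", "callback"}  # factors beyond voice


@dataclass(frozen=True)
class Session:
    profile_id: str
    # Assumption: written only by the authentication service,
    # never derived from the transcript or from model output.
    factors: frozenset = frozenset()


@dataclass
class Proposed:
    """Structured action the model emits after hearing the caller."""
    name: str
    target_profile: str
    args: dict = field(default_factory=dict)


def authorize(session, action):
    """Deterministic check that runs outside the model; returns (allowed, reason)."""
    if action.name not in ORDINARY | SENSITIVE:
        return False, "unknown_action"        # default deny
    if action.target_profile != session.profile_id:
        return False, "cross_profile"         # household profile isolation
    if "voice_biometric" not in session.factors:
        return False, "voice_not_verified"
    if action.name in SENSITIVE and not (session.factors & STEP_UP):
        return False, "step_up_required"      # voice alone is not enough
    # action.args is never consulted here, so a caller who says
    # "the PIN was already verified" cannot talk the check into passing.
    return True, "ok"


if __name__ == "__main__":
    voice_only = Session("alice", frozenset({"voice_biometric"}))
    injected = Proposed("password_reset", "alice", {"pin_verified": True})
    print(authorize(voice_only, injected))    # denied: step_up_required
```

Because the decision depends only on server-side session state, a cloned voice or an injected instruction can at most produce a `Proposed` action that is then denied.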
Data minimization & retention
- Live audio: not retained beyond the duration of the call.
- Transcripts: retained briefly so your assistant can recall context across calls. The default window is stated in our Privacy Policy.
- Derived summaries (e.g., reminders, your name): retained until you delete them or close your account.
- AI model training: we do not use your voice or transcripts to train AI models.
- Selling: we never sell your conversations.
- Secure deletion: when you ask us to delete data, we overwrite the storage record and purge it from backups on the next backup-rotation cycle (≤ 30 days).
Data residency
KosherAgent is operated from the United States. All primary processing of voice data happens in US data centers. Some operational telemetry may transit edge networks outside the US. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards.
Audit logging & monitoring
- Every administrative action — data access, configuration change, account modification — is audit-logged with timestamp and identity.
- Logs are write-only from the perspective of operators; we cannot edit or delete the audit trail.
- Anomaly detection on access patterns triggers automatic alerts to the on-call engineer.
Backups & business continuity
- Backups: automated, encrypted, geographically separated.
- Recovery point objective (RPO): ≤ 24 hours for customer state.
- Recovery time objective (RTO): ≤ 4 hours for the voice service.
- Disaster recovery: documented runbook, tested annually.
Employee & vendor security
- Background checks on all employees with production data access.
- Annual security training for all staff.
- Confidentiality agreements on hire.
- Vendor review: third-party services are reviewed before onboarding. We require signed Data Processing Agreements and SOC 2 / ISO 27001 attestations from any vendor that touches customer data. The specific vendor list is disclosed to enterprise customers and to any user who emails privacy@thekosheragent.com requesting it.
Incident response
- Detection: monitoring plus an on-call engineer 24/7 for production incidents.
- Triage SLA: initial assessment within 1 hour of alert.
- Customer notification: we will notify affected users within 72 hours of confirming a data breach involving their personal information, consistent with GDPR Art. 33 / 34. For enterprise customers, the contractual notice window is in our DPA.
- Post-incident: a written root-cause analysis is shared with affected customers within 30 days.
Penetration testing
Independent external penetration testing is planned on an annual cadence once we exit the early-pilot stage. Reports will be available to enterprise customers under NDA.
Compliance roadmap
- SOC 2 Type I: kickoff planned. We will publish the auditor and target completion date when work begins. Type II will follow after the observation window.
- GDPR & CCPA: see the Privacy Policy for the full text of how we comply.
- HIPAA: not in scope. We do not handle protected health information.
- PCI DSS: not in scope at present. We do not currently process payment-card data through the service. Card payments for any future paid plan will go through PCI-compliant payment processors.
- FERPA: not in scope. We do not handle student education records.
We do not display badges for certifications we have not earned. If you see a badge here, we have the artifact to back it.
Vulnerability disclosure
If you believe you've found a security issue, please email security@thekosheragent.com with as much detail as you can share. We commit to:
- Acknowledging your report within 3 business days.
- Investigating and providing a status update within 10 business days.
- Coordinating disclosure with you, with a 90-day default window.
- Crediting researchers who request credit.
- Not pursuing legal action against good-faith security research that follows responsible-disclosure norms (no data exfiltration, no disruption of service, no privacy violations of other users).
We do not currently offer monetary bug bounties. We're a small team — your report is taken seriously regardless.
Enterprise & partner inquiries
For deeper diligence (security questionnaires, SOC 2 reports under NDA, signed DPAs, vendor list, custom data-residency arrangements), email partnerships@thekosheragent.com.