IntelePeer Info Security Overview

At IntelePeer, we strive to ensure the highest quality and reliable services to our customers, and securing personal data received from our customers is no exception.  In servicing billions of phone calls for thousands of customers, we have never had any security-related incidents that opened a vulnerability for any customers, because of our diligence in protecting our customer data against unwarranted access through enhanced security protocols, including:

1. Secure production network which is subject to regular vulnerability testing;

2. Disciplined network access procedures in which only authorized personnel can access to perform their job function; 

3. Highly disciplined, monitored upgrades to the network & network systems;

4. Direct private circuits into and out of our network; and 

5. Encryption of signaling and media (TLS/SRTP).

To further ensure data security, IntelePeer never collects or stores DTMF digits or audio recordings, and only enables call recordings at the express request of the customer for troubleshooting purposes.  Any recordings are retained pursuant to our record retention policy.  Call statistics for network monitoring and capacity planning activities are maintained only at an aggregated level. 

IntelePeer self-certifies as a Merchant for PCI in our handling and processing of credit cards for the purposes of our customers’ payments, which are processed entirely through PCI compliant third-party providers, and are never stored or directly accessed by IntelePeer. 

With the recent launch of our international Atmosphere CPaaS offering, we designed the solution with the policies, procedures and functionality necessary to ensure our CPaaS platform satisfies the obligations set forth in the EU GDPR.  As a market leader in CPaaS, it became clear earlier this year that many of our customers could benefit from us taking the next steps to have our Atmosphere CPaaS solution become fully HIPAA compliant, with the ultimate goal of achieving SOC 2. 

Additional Details

GDPR 
In 2019, IntelePeer introduced its Atmosphere CPaaS to enterprise customers in the European Union.  As a result, IntelePeer designed the CPaaS solution with the policies, procedures and functionality necessary to ensure our CPaaS platform satisfies the personal data protections set forth in the EU GDPR.  IntelePeer continues to introduce additional features, functionalities and applications for Atmosphere CPaaS developed with the Privacy by Design approach required by GDPR.

HIPAA
As of December 2022, IntelePeer is compliant with the Health Insurance Portability and Accountability Act (HIPAA), the U.S. national standard set for health information security and privacy. IntelePeer is committed to the protection of its customers’ data and ensuring its solutions meet the stringent requirements of applicable data protection regulations. For more information, please check out: https://intelepeer.ai/blog/intelepeer-announces-hipaa-compliance/.

PCI
IntelePeer self-certifies as a Merchant for PCI in our handling and processing of credit cards for the purposes of our customers’ payments, which are processed entirely through PCI compliant third-party providers, and are never stored or directly accessed by IntelePeer. We completed our PCI certification in December of 2022. IntelePeer currently meets the process, procedures, and network architecture for PCI service provider compliance.