Security at OpenPhone: How we protect your information

We take a lot of pride in delivering a secure and reliable product and protecting our customers’ information. Security is an ongoing process and we strive to keep improving. Here's an overview of our security practices, protocols, and tooling:


We utilize the Amazon Web Services platform. Your communications are secured using 256-bit AES encryption and your data is stored in redundant databases across several physical locations for both security and availability purposes.

Our services are protected by Cloudflare. You can view our status page here.


We perform daily backups of all our databases and hourly backups of several high-priority databases. Your data is retained as long as you need it.

We support data privacy principles such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). While we support many common tasks like deleting user and account data, you can contact our Support Team to request your data to be removed from all our systems.


Text messages are encrypted in transit between the OpenPhone application and the carrier.

Calls are made using WebRTC technology, which means signaling for call setup is executed using WebSockets via TLS to provide complete privacy and data integrity.

We encrypt your data at rest using the industry standard AES-256 encryption algorithm.


We are SOC 2 compliant. This ensures that we continue to take every precaution for any potential cyber attacks — and that your data stays protected. Learn more here

We also maintain an audit log of all events and account changes across your organization. We are able to provide it upon request.

Billing / Payments

We use the best-in-class payment processor, Stripe. Stripe is PCI compliant and certified to PCI Service Provider Level 1, which is the most stringent level of certification available in the payments industry.

If you have any other questions, please submit a request here. We're happy to help!