Security

We know you're trusting SUPERFLY with your pitch, your data, and your customers' conversations. Here's how we protect it.

Hosting & infrastructure

The Service runs on reputable cloud infrastructure with managed, monitored environments and regular patching.

Encryption

Data is encrypted in transit (TLS) and at rest. Credentials and secrets are stored using industry-standard protections.

Access controls

Access to production systems is restricted on a least-privilege basis, with authentication and audit logging. Within your account, team roles let you control who can see and do what.

Call data & recording storage

Recordings and transcripts are stored securely and accessible only to authorized users in your account, subject to your retention settings.

Subprocessors

We use a limited set of vetted subprocessors (hosting, AI, payments) under contracts that require appropriate protections. See our Privacy Policy for how data is handled.

Compliance roadmap

We align our practices with widely recognized standards and are pursuing formal certifications (e.g., SOC 2) and regional compliance (e.g., GDPR). Current status and any in-progress items are available on request — we mark aspirational vs. current honestly.

Responsible disclosure

Found a vulnerability? Please report it to hello@joinsuperfly.com and give us a chance to fix it before public disclosure. We appreciate the help.