Security & compliance

Recordings are evidence. We treat them that way.

A blackbox is only useful if the data inside it is trustworthy and tightly controlled. Security isn't a tier — these controls are how the product is built.

Signed playback Tenant isolation Consent evidence Anti-fraud limits

Tenant isolation on every query

Data is partitioned per workspace and enforced server-side. The backend never trusts a tenant id sent by the client — membership is verified on every request.

Role-based access control

Owner, manager, and rep roles gate what each person can see and do. Reps reach their own calls; managers see the team; the web dashboard is manager-only by design.

No raw recording URLs

Object storage is never exposed directly. Recordings stream through a backend proxy and short-TTL signed URLs, and every playback is written to an access log.

Signed, audited webhooks

Provider webhooks are signature-validated and the raw payload is stored for audit. Unsigned or invalid callbacks are rejected — calls are never silently dropped.

Anti-fraud guardrails

A country allowlist (US/CA initially), per-user outbound rate limits, and per-tenant spend caps. Unusual volume triggers automatic suspension of outbound calling.

Consent & retention controls

A consent event is recorded on every call with prompt version and result. Recording retention is configurable per workspace; deleting metadata never deletes the raw recording outside policy.

Data handling

What happens to your data.

Encryption

Secrets encrypted at rest (Fernet); credentials such as CRM tokens are never stored in plaintext.

Recording integrity

Every recording is hashed with SHA-256 at ingestion and stored with provider + recording id for tamper-evidence and idempotency.

Access logging

Recording playback is logged per user, per call — who listened, and when.

Least privilege

Reps cannot disable recording, suppress consent, change caller id without permission, delete recordings, or export team-wide data.

Data residency

Recordings live in your company-controlled S3-compatible storage, not scattered across personal devices.

Idempotent pipeline

Every background job is idempotent, retryable, tenant-aware, and dead-lettered after repeated failure — no duplicate CRM activities, no lost recordings.

A note on call-recording law. Consent requirements differ by state and country (one-party vs. two-party consent). Inside Sales Blackbox announces recording before every call and logs consent, and lets you configure policy for your territories — but you remain responsible for compliance in the jurisdictions you operate in. This page describes product controls and is not legal advice.

Visibility you can defend.

Get the recordings, transcripts, and CRM evidence your team needs — with the controls your security review will ask about.

Create your workspace Book a demo

Live in minutes · US & Canada calling · Cancel anytime