SECURiTY & COMPLIANCE | spoke

Security and compliance frameworks for regulated communications

This is how Spoke protects your communications, employee, and business data, who can access it, and how we prove it

Why communication security is a compliance issue for your company

In regulated industries, business conversations are records, and regulators like the SEC, CFTC, and others treat them that way. Companies have been fined for failing to preserve business communications, especially those sent over personal devices and channels such as WhatsApp. The content of those messages was not the violation. A firm’s ability to capture and produce them is.

Spoke Phone enables the control, capture, and preservation of every call and message on any device, including mobile phones.

Spoke’s compliance frameworks include SOC 2, SOC 1, HIPAA and GDPR, and provides the controls allowing financial organizations to meet their FINRA obligations.

The Spoke platform ensures that every call, message, and WhatsApp conversation flows through a compliant, encrypted, and controlled environment, and gives you the ability to store and retrieve those conversations for audit, dispute, and regulatory review.

Data and platform security

How your data, the systems it runs on, and access to both are protected

Spoke
Encryption

All customer data is encrypted at rest and in transit.
Databases are encrypted at rest, and application traffic is transmitted exclusively over TLS/SSL. Recordings and stored data are protected with 256-bit AES encryption.


For additional control, customers can:- Apply private encryption tokens to recordings, retaining sole control of the keys.
- Redact phone numbers and personally identifiable information (PII) from Spoke Phone servers.

Spoke
Access control

Access to cloud infrastructure and sensitive systems is restricted to authorized personnel with a documented business need, following the principle of least privilege.

Access rights are reviewed quarterly. All personnel are subject to enforced authentication and password-complexity requirements.

Spoke
Data residency and customer control

Customers determine where their data is stored and who can access it.
Spoke's APIs and pre-built integrations support local data storage and customer-controlled access, allowing organizations to align data handling with their own regulatory and residency obligations.

OUR CERTIFICATIONS

Governance, assurance, and compliance

The program, testing, and personnel behind our controls, and how they meet regulatory requirements

Personnel security

All Spoke team members are background-checked in accordance with local law, complete industry-standard security awareness training, and sign a confidentiality agreement before their first day. Every team member is required to review and accept Spoke's security policies.

Independent testing and auditing

Spoke undergoes independent third-party assessments of its security and compliance controls. Third-party penetration testing is conducted at least annually to validate the security posture of our services.

Compliance program and certifications

Spoke is SOC 2, HIPAA, and GDPR certified, and provides frameworks supporting FINRA regulations. Spoke is built on Twilio's compliant infrastructure, certified in: SOC 2 Type II & Type 1, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, PCI DSS Level 1, HIPAA, GDPR, CCPA, and CPRA.

These standards are supported by an active Information Security Program aligned to the SOC 2 framework, communicated across the organization and formally acknowledged by all personnel. Roles and responsibilities for information security and the protection of customer data are documented and assigned.

Most compliance systems stop the moment an employee uses their mobile phone. Spoke keeps working.

“Our brokers need to be mobile, but we couldn’t afford the compliance blind spots that came with that. Spoke gave us visibility into mobile calls and messages without slowing our teams down — and we’ve seen measurable improvements in both risk and performance.”

Mobile Broker Compliance
National Insurance Brokerage Firm
SECURITY & COMPLIANCE AT SPOKE

If you have any questions or wish to report a security concern please reach out