Security
Protection against unauthorized access. Covers encryption, access controls, firewalls, intrusion detection, and incident response.
SOC 2 Type II
DialPhone is SOC 2 Type II audited annually across four Trust Services Criteria. The full report is available to customers and qualified prospects under NDA.
Trust Services Criteria covered
Availability
System accessibility for operation and use. Covers uptime, disaster recovery, capacity planning, and monitoring.
Confidentiality
Data classified as confidential is protected. Covers data classification, retention, secure destruction, and NDA enforcement.
Processing Integrity
System processing is complete, accurate, timely, and authorized. Covers data validation, reconciliation, and error handling.
Request the report
Customers receive the report on request via the admin portal. Prospects receive it under NDA — contact sales or email compliance@dialphone.com.
SOC 2 FAQ
Can I get a copy of the SOC 2 report?
Yes, the full Type II report is available to customers and qualified prospects under NDA. Request via sales or compliance@dialphone.com.
Who audits DialPhone?
An independent AICPA-member CPA firm. The firm rotates per internal auditor independence requirements. Audit firm name is disclosed in the report cover letter.
What period does the report cover?
Type II reports cover a 12-month operating period. The current report covers the calendar year ending December 31, 2025. The next audit period is in progress and completes Q1 2027.
What if there are exceptions?
The audit process produces a Management Response Letter addressing any exceptions or control deviations. We publish our remediation plan inside the report. Zero material exceptions in the most recent audit.
Is this SOC 2 Type I or Type II?
Type II. Type I only attests to control design at a point in time; Type II attests that controls operated effectively over a period (12 months). Type II is the standard for production SaaS.