Security

Salesforce-native security: your call data, owned by you.

Bolt-on tools hold your conversations in a vendor database. WorkDial keeps no copy of its own: records in your Salesforce, recordings where you choose, one vendor perimeter.

Start free trial View demo

Records in your org · recordings your choice · no WorkDial store

A WorkDial call record in Salesforce with its recording, transcript, and notes, stored in the customer's own org
call record · in your salesforce
Common question

Where does WorkDial keep my call data?

WorkDial is a Salesforce-native CTI platform that writes call data as native Salesforce objects in your org. Call records, transcripts, and sentiment are native Salesforce objects (Call__c, Recording__c, Transcript__c, Sentiment__c) inside your own org. You choose where recording audio lives: as native Salesforce Files in your own org, in your own Twilio account, or in your own connected storage. WorkDial operates no external customer data store of its own. The only component outside Salesforce is the telephony transport (your own Twilio account), and it stores none of your data.

The data boundary

One line leaves your org: your own Twilio.

It carries the call and holds none of it. Your credentials, your numbers, your carrier bill at cost with no WorkDial markup. It is your vendor, not ours.

Your Twilio account your telephony transport
carries the call. stores nothing.
Your Salesforce org boundary
Call__cCall record
Recording__cRecording
Transcript__cTranscript
Sentiment__cSentiment
fig. 01 native data boundary

Controls · location

Where your call data lives, and who decides.

Records in your org

Calls, transcripts, and sentiment are Salesforce objects written directly into your org, not synced in from a vendor database.

Recordings: your choice

You choose where recordings live: as native Salesforce Files in your own org, in your own Twilio, or in your own cloud storage. Referenced from Recording__c. No WorkDial store.

Data residency

Call records and transcripts are Salesforce objects, so they inherit your org’s region. WorkDial holds no external copy of your customer data to govern in a second place.

Retention & deletion

Your retention rules apply. Delete the record and it is gone, with no external WorkDial copy to chase.

Controls · governance

One audit surface: the Salesforce model you already run.

Because the data lives in your Salesforce, the governance model is Salesforce’s. No second permission system, no separate vendor store to audit, no additional certifications to chase.

Access control

Sharing rules, permission sets, and field-level security already govern the records. There is no second permission model on WorkDial’s side.

Encryption

Encryption posture: inherited from Salesforce, in transit and at rest. There is no separate WorkDial store to encrypt or certify.

Sub-processors

Named sub-processors cover only features you enable: Meta Platforms, Inc. (WhatsApp voice) and ConvoAgent, Inc. for call analysis. Full list: /dpa/.

Audit & monitoring

Salesforce field history plus login and event monitoring on the native records: the same audit surface you already run for the rest of your Salesforce data.

Architecture vs bolt-on

The security surface: one store or two.

Architecture, not a feature scorecard. Where a bolt-on dialer and an external recorder keep a copy of your conversations, WorkDial keeps none. This is the native-versus-integrated question read as a security boundary.

Aspect
Integrated CTI
WorkDial
External recorder
Where call data livessource of truth
Vendor cloud
Native Call__c
Vendor cloud
External copy of your dataa store outside your org
Vendor holds it
None
Vendor holds it
Permission modelwho governs the conversation
Second model
Inherits Salesforce
Second model
A vendor breach exposesblast radius on the vendor side
Your conversations
Nothing on our side
Your recordings
Vendor security-review surfacewhat a reviewer must assess
Full questionnaire
No data store to assess
Full questionnaire
Where recordings livethe most sensitive asset
Vendor storage
Your choice: Salesforce Files, your Twilio, or your storage
Vendor storage

No external store, no surface to certify

A SOC 2 or ISO report exists to vouch for a vendor’s own data store. WorkDial keeps none: your call data lives in your Salesforce and your own Twilio, under their certifications and your controls. The attack and audit surface those reports would cover does not exist on WorkDial’s side.

Questions

Security, answered

Where does my call data live?
Your records live in your Salesforce: every call is a Call__c with the transcript and sentiment as Salesforce objects. You choose where the recording audio lives, including as native Salesforce Files in your own org, your own Twilio, or your own connected storage. WorkDial operates no external customer data store of its own. More on why call data belongs in Salesforce as native objects.
Is anything stored on a WorkDial system?
No. The telephony transport is your own Twilio account, which carries the call. Your call records, transcripts, and sentiment are Salesforce objects in your org; you choose where the recording audio lives. WorkDial keeps no copy of any of it.
Where are recordings stored?
You choose where recordings live: as native Salesforce Files in your own org, in your own Twilio account, or in your own connected storage. In every case they are referenced from Recording__c. The audio never passes through a WorkDial data store.
How are permissions and access controlled?
By Salesforce. Sharing rules, permission sets, and field-level security already govern the records. There is no second permission model to maintain on WorkDial’s side.
Do you support SSO and provisioning?
SSO, provisioning, SLAs, and onboarding are available on Enterprise, alongside higher AI analysis volume.
How do I connect my Twilio account, and does call audio pass through WorkDial?
You connect your own Twilio account: your credentials, your numbers, and carrier rates at cost with no WorkDial markup. Twilio carries the call as the transport and stores none of it. The call, recording, and transcript are written into your Salesforce. See how bring-your-own Twilio keeps your minutes and recordings yours.
Are you SOC 2 or ISO 27001 certified?
WorkDial holds no external customer data store, so your call data never sits on a WorkDial system to certify. It lives in your Salesforce and your own Twilio, under their certifications and your controls. WorkDial claims no certification of its own.
Is WorkDial HIPAA compliant, or will you sign a BAA?
Your call data lives in your Salesforce and your own Twilio, governed by your own controls and your agreements with them, not on a WorkDial data store. WorkDial makes no HIPAA-compliance claim of its own. For org-specific requirements, talk to us.
Do you provide a DPA and a list of sub-processors?
Yes. A full DPA is published at /dpa/, with the sub-processor list in Annex 3. Your call data is stored in your Salesforce and in whichever recording storage you choose, so WorkDial keeps no copy of it. Sub-processors cover only the transient processing of features you turn on: Meta for WhatsApp voice, and WorkDial’s AI provider for call analysis unless you bring your own AI key. Your own Twilio account carries the call as the telephony transport and is your vendor, not a WorkDial sub-processor. Salesforce is also not a WorkDial sub-processor: it is the system where the data lives.
How is data residency handled?
Call records, transcripts, and sentiment are Salesforce objects, so they inherit your org’s data residency. You choose where recording audio lives: if you store it as Salesforce Files, that residency is also your org’s. WorkDial keeps no external copy of your customer data to govern in a second place.
How is data retention and deletion handled?
Your retention rules are Salesforce’s retention rules. Delete the record and it is gone. There is no external WorkDial copy to chase or to request deletion of.

Get started

Running a security review? Talk to us.

Start free trial Talk to sales

4.97★ across 100+ AppExchange reviews · from the team behind ValueText, the Salesforce-native messaging platform