Security & Trust
Security at Deske.
Deske handles call audio, transcripts, and patient or client contact information for the businesses we serve. We take that responsibility seriously.
What we do today
- Encryption in transit (TLS) for all traffic between users, the Deske app, and our infrastructure.
- Encryption at rest for stored data using industry-standard AES-256 via our database provider.
- Passwordless email-code authentication — no passwords stored, codes expire after a short window.
- Per-tenant isolation so one business's data is never visible to another.
What we're working toward
- SOC 2 Type II audit. In progress, not yet certified.
- Business Associate Agreement (BAA) framework for healthcare practices.
- Formal incident response and breach notification procedures.
- Pen test engagement before public launch.
These are real work-in-progress items, not certifications we already hold. We'll publish a real trust report when they're complete.
Reporting a security issue
If you've found a vulnerability, please email security@deske.ai. We'll respond within two business days.