Your Data.
Always Protected.
LimeCall is built with security at its core โ from encryption and access controls to compliance certifications. We protect your data so you can focus on your customers.
Security built into every layer
From the moment a visitor submits their number to the moment you download a call recording, your data is protected end-to-end.
End-to-End Encryption
All data in transit is protected with TLS 1.2+ encryption. Data at rest is encrypted using AES-256. Your call recordings, contact details, and analytics are encrypted at every layer.
GDPR & CCPA Compliance
LimeCall is built for global compliance. We support GDPR data subject rights, CCPA opt-out mechanisms, and provide Data Processing Agreements (DPAs) for enterprise customers.
Data Residency Options
Choose where your data lives. LimeCall supports EU and US data residency so you can meet local regulatory requirements without compromising on performance.
Role-Based Access Control
Grant the right level of access to the right people. Admins, managers, and agents each have scoped permissions. Sensitive data is only visible to those who need it.
Audit Logs & Activity Tracking
Every admin action, configuration change, and login event is logged with a timestamp and user ID. Full audit trails are available for compliance reviews and incident investigation.
Regular Security Audits
LimeCall undergoes regular third-party security assessments and penetration testing. Vulnerabilities are triaged, remediated, and disclosed according to responsible disclosure principles.
Compliance & Certifications
LimeCall aligns with the major data protection regulations and frameworks so you can confidently use our platform wherever your customers are located.
General Data Protection Regulation
LimeCall supports all GDPR obligations including the right to access, the right to erasure, data portability, and lawful basis for processing. We act as a data processor on your behalf and provide a signed DPA on request.
California Consumer Privacy Act
California residents using your product have the right to know, delete, and opt out of the sale of personal information. LimeCall's data handling is built to support these consumer rights end-to-end.
SOC 2 Type II Aligned
LimeCall's infrastructure and controls are aligned with SOC 2 Trust Service Criteria covering security, availability, and confidentiality. Enterprise customers can request our security documentation under NDA.
Data practices you can trust
Transparency matters. Here is exactly how LimeCall handles your data.
What data does LimeCall store?
LimeCall stores the information needed to operate the service: contact details submitted through your widget (name, phone number, email), call records (timestamp, duration, outcome), call recordings where enabled, and account configuration data.
Call recording retention
Call recordings are stored for 90 days by default on Standard plans. Pro and Enterprise plans can configure custom retention periods. You can delete individual recordings or bulk-delete all recordings from your dashboard at any time.
Data deletion
You can delete your account and all associated data at any time from your account settings. Upon deletion, all personal data is removed within 30 days from active systems and within 90 days from backups, in accordance with GDPR Article 17.
Security FAQ
Is LimeCall GDPR compliant?
Yes. LimeCall is built to support GDPR compliance for you and your customers. We act as a data processor under your instructions, provide a signed Data Processing Agreement (DPA), support data subject rights requests, and maintain records of all processing activities. Contact our team to obtain a DPA.
Where is my data stored?
LimeCall stores data on secure cloud infrastructure hosted in the EU (Frankfurt) and US (Virginia) depending on your account's data residency setting. Enterprise customers can specify their preferred region at onboarding.
How are call recordings stored and protected?
Call recordings are encrypted at rest using AES-256 and stored on isolated, access-controlled storage. Recordings are only accessible to authorised users within your account. They are never used to train AI models or shared with third parties.
Can I delete my data and recordings?
Yes. You can delete individual call recordings or bulk-delete all recordings from the LimeCall dashboard. To delete your entire account and all associated data, go to Account Settings then Delete Account. All personal data is purged within 30 days of deletion.
Do you share data with third parties?
LimeCall does not sell, rent, or share personal data with third parties for advertising or marketing purposes. Sub-processors used to operate the platform (such as cloud infrastructure providers) are listed in our Privacy Policy and are contractually bound to process data only as instructed.
Questions about security?
Our security team responds to all enquiries within one business day.