How Kazozo handles the conversations, contacts, and content flowing through your agents — including what we store, what we don't, and what you can export on demand.
Anything else is a detail. These are the three commitments we design every feature around.
We store what's needed to run your agents and nothing more. Every message is tied to a tenant, every action is logged, and you can export or delete any conversation through the dashboard.
Your customer data never crosses tenant boundaries. Agents are loaded with your policies, your FAQ content, and your routing rules — other businesses on the platform can't see any of it.
AI responses flow through policy checks before they reach your customers. The model can't send SMS, push leads to your CRM, or take any action that isn't explicitly configured for your tenant.
Plain-English answers to the questions our customers ask before go-live.
In transit: All traffic between your website, the Kazozo platform, and any integrations uses TLS 1.2 or higher.
At rest: Conversations, lead data, and configuration are encrypted using industry-standard AES-256.
Every dashboard user is scoped to a single tenant. Internal access to production systems is restricted, logged, and audited. We don't read your customer conversations unless you open a support ticket that requires it — and we log when we do.
You control retention at the tenant level. Conversations can be set to expire after a defined window or kept indefinitely for training and audit. You can delete any conversation, lead, or contact on demand — including after a customer exercises a right-to-be-forgotten request.
Your customer conversations are not used to train the underlying AI models. They're used to run your agents — and only your agents. If we improve the platform based on patterns we see, those improvements are de-identified aggregate signals, never raw content.
Every agent action is logged with a timestamp, the inputs it saw, the decision it made, and the action it took. This is how we catch weird behavior before it reaches a customer — and how you'd reconstruct what happened if a customer complaint needed investigation.
We target 99.9% platform uptime. When we miss it, we publish the incident — what happened, what was affected, and what we changed so it doesn't happen again. No corporate hedging.
Some SMB software vendors claim certifications they don't have. We'd rather be honest about where we are and where we're headed.
We're building toward SOC 2 Type II and can share our current controls, subprocessor list, and DPA under NDA for customers doing formal vendor reviews. If that's a dealbreaker today, please tell us so we can prioritize it correctly.
Kazozo is not HIPAA-covered today. For dental and medical customers, we help you configure agents so they never collect or store protected health information — appointment booking and intake happen through your existing HIPAA-covered systems, and Kazozo handles only public-facing conversations. If you have a HIPAA requirement that needs us to sign a BAA, we'd want to talk before you sign anything.
We'd rather walk through them with you on a call than leave you parsing a policy doc. No legalese — just real answers.