Sowa Compliance — Security & Data

Sowa Answers is built for Canadian service businesses. We handle your call data with care — Canadian data residency, PIPEDA-aware practices, and enterprise-grade security.

Canadian data residency

Call recordings, transcripts, and customer data are processed and stored using Canadian and North American infrastructure. Our telephony (Telnyx), voice AI (Retell), and application hosting (Fly.io, Supabase) support Canadian data residency where available.

PIPEDA

We follow PIPEDA (Personal Information Protection and Electronic Documents Act) principles: consent, limited collection, purpose limitation, and secure retention. Our Privacy Policy describes what we collect and how we use it. You may request access, correction, or deletion of your data.

Security

• Encryption in transit — HTTPS/TLS for all web and API traffic
• Access control — Role-based access; admin routes require authentication
• Rate limits — Contact and API endpoints are rate-limited to prevent abuse
• Secrets — No API keys or secrets in client bundles; env-based configuration
• Security headers — X-Frame-Options, HSTS, X-Content-Type-Options, and more

Integrations & third parties

We use Stripe (payments), Telnyx (telephony, SMS), Retell (voice AI), Supabase (database, auth), Resend (email), and Fly.io (hosting). Each has its own security and compliance posture. We do not sell your data to third parties.

Healthcare & regulated industries

If you operate in healthcare or other regulated sectors, contact us to discuss data handling, BAAs, or additional compliance requirements. We can tailor our approach for your use case.