Security at Sales Lab.

Application & database. Supabase Postgres in the us-east-1 region (AWS Virginia). Encrypted at rest with AES-256.

Voice infrastructure. ElevenLabs — speech-to-speech inference, US-East. Audio streams are never persisted on our side. ElevenLabs retains transcript snapshots only as required to deliver their API.

Scoring model. Anthropic Claude. US region. Inputs are processed for inference and not used to train Anthropic models.

Email. Resend (US region) for magic-link sign-in and scorecard summaries. Recipients are limited to your own users.

In transit. TLS 1.3 between every hop. HSTS preloaded.

Your company admins. Can read every scenario, scorecard, and transcript belonging to your tenant. Reps can read only their own.

Sales Lab engineers. Production database access is limited to a named on-call rotation, requires hardware-backed MFA, and is broken-glass only — every session is time-bound, justified in writing, and logged in a tamper-evident audit trail.

No third-party access. We do not sell, share, or rent your data to anyone. Subprocessors below are operationally required and contractually limited.

Every admin action — scenario create / edit / archive, KB edit, role change, share-token generation, and scorecard read — is logged with actor user-id, IP address, user-agent, and a timestamp. Logs are immutable for 365 days.

Email ben@tamras.co. We acknowledge within one business day, never threaten or pursue good-faith researchers, and credit reporters who request it on this page after the fix ships.

Export. Admins can request a JSON export of every scenario, KB doc, session, transcript, and scorecard at any time.

Deletion. A signed delete request from a verified admin removes all tenant data — including audio blobs and third-party derived state — within 30 days.