PRIVACY & SECURITY
Your guests trust you.
We make sure you can keep that trust.
Voice AI handles deeply personal data — guest preferences, room numbers, allergies, payment methods. Privacy and security aren\'t bolt-ons. They\'re the foundation under every ARIAN call.
PII redaction at the edge
Voice transcripts pass through a redaction layer before reaching the LLM or being persisted. Names, addresses, payment numbers, IDs, and dates of birth get hashed or masked at the boundary. Your guests' raw PII never sits in our logs or our prompts.
VoiceIDVault biometric
Voice prints are stored as cryptographic vectors, never raw audio. Per-tenant encryption keys. Right-to-erasure honoured at the chain layer. GDPR Article 9 explicit-consent flow at enrollment.
Tenant data isolation
Every tenant runs in its own RuVector RAG namespace and database tenant. Cross-tenant queries are mechanically impossible — not policy-enforced, schema-enforced.
Audit trail (Viwago)
Every privileged action — booking modification, refund issuance, guest record update — logged immutably with timestamp, actor, and reason. Auditors get read-only access. Investigators get verifiable chain-of-custody.
GDPR + DPA compliant
EU-hosted infrastructure (Frankfurt region). Data Processing Agreement available on request. Right to access, rectify, delete — all programmatic. Sub-processor list public. DPIA on file for voice biometric processing.
Secure-by-default integrations
Every PMS / POS / CRM adapter authenticates via OAuth2 or signed API keys, never passwords. Outbound calls go through a vetted MCP boundary. No third-party SDK gets raw access to your tenant database.
Compliance documentation on request
Data Processing Agreement (DPA) · Sub-processor list · DPIA for voice biometric · Architecture diagrams · Penetration test summaries · SOC 2 (in progress, ETA Q3 2026).
Email security@number7even.com for documentation requests. Response within 2 business days.