Security & Privacy
Your IVR bundle stays in your browser by default. Two features — AI assistance and Cloud Save — transmit data, but only when you choose them, and we tell you exactly what and where.
Stays in your browser (the default)
- The
.zipbundle you upload and the.five9ivrXML inside it. - ZIP parsing, IR transformations, and the visual editor — they run client-side. We have
no backend endpoint that accepts your
.zip. - Your prompt audio files. We only read the path references inside the bundle; the audio itself is never uploaded.
Leaves your browser — only when you choose it
- AI assistance. When you ask the AI for help, your prompt text and the relevant slice of your IVR are sent to our backend and on to Anthropic, our AI provider (a third-party subprocessor), to generate the response. You can disable AI entirely in account settings to keep everything local.
- Cloud Save. If you opt in, the IR JSON for that project — which includes skill names, transfer numbers, and your call-flow logic — is stored in our database so you can reopen it across devices. You can delete it at any time. (It is stored as JSON in our database; it is not yet separately encrypted at the application layer — see Roadmap.)
- Account profile (email, name) for authentication.
- Billing, handled by Stripe — we never see or store card numbers.
How it works
ZIP parsing, IR transformations, and the visual editor all run in your browser. We don't
have a backend endpoint that accepts your .zip — by design. The only data that
reaches our servers is what's described above, and only on your action.
Roadmap (not yet implemented)
- Encryption at rest for Cloud Save data (today it's stored as JSON in our database).
- End-to-end encryption for Cloud Save with passphrase-derived keys.
- A self-hosted option for enterprise customers.
- SOC 2 — a goal for a later stage, not yet underway.
Plan limits and AI token usage are covered on Pricing, and common questions are answered in the FAQ.