Security & compliance
How GreetQ supports regulated and high-trust buyers in Canada and the United States. This page explains our controls — it is not legal advice.
Canadian privacy (PIPEDA)
GreetQ Inc. is based in Vancouver, British Columbia, Canada. We support Canadian privacy requirements with org-scoped data isolation, access controls, export, and deletion workflows, while your team remains responsible for notice and consent practices that apply to your use case.
CASL & outbound communications
Outbound voice and SMS campaigns can be paired with consent capture, quiet-hours rules, and suppression tooling. Your team remains responsible for confirming that each campaign meets applicable CASL, TCPA, and local consent requirements before launch.
BC health-sector clients
Clinics and dental practices in British Columbia can use Enterprise plans for controls aligned with provincial health privacy expectations, including configurable retention and audit logging. Review your own professional obligations before routing patient information through any third-party system.
US HIPAA (Enterprise, optional)
For US healthcare and other regulated use cases, we can discuss enterprise review and the controls required for a BAA and PHI workflows. We do not offer PHI processing until the relevant controls, customer responsibilities, and integrations have been reviewed.
Infrastructure
Hosted on Vercel with HTTPS everywhere. Database and auth via Supabase with row-level security per organization. Service-role operations are limited to server-side API routes.
SSO (Enterprise)
Enterprise SSO supports SAML 2.0 and OpenID Connect, including common identity providers such as Google Workspace and Microsoft Entra ID. Contact sales for setup guides and metadata exchange.
Audit logs
Dashboard changes to agents, settings, API keys, and team membership are recorded in org-scoped audit logs. Call intelligence (summary, sentiment, quality score) is stored per call for review.
Data retention
Recording retention is configurable per organization. Transcripts and call metadata are retained according to your plan settings. Request deletion via Help & contact.
Data residency
GreetQ Inc. is Canadian-owned and operated from Vancouver, British Columbia, Canada. Application data is processed on managed cloud infrastructure (Vercel and Supabase) with org-scoped isolation; call audio transits our telephony carriers (Telnyx, Twilio) during live calls. If your organization requires guaranteed Canadian-region storage, contact us — Enterprise plans can scope data residency requirements during onboarding.
Subprocessors
GreetQ relies on the following infrastructure providers to deliver the service:
| Provider | Purpose |
|---|---|
| Vercel | Application hosting and edge delivery |
| Supabase | Database, authentication, and storage |
| Telnyx | Primary voice carrier, transcription, and TTS |
| Twilio | Voice relay, SMS, and WhatsApp channels |
| OpenRouter | LLM inference for conversations and call intelligence |
| Stripe | Subscription billing and payment processing |
See also Privacy Policy and Terms of Service. Enterprise security reviews: contact sales.