Security at Salesy
Last Modified: June 8, 2026
Salesy is an AI sales-coaching platform. Customers upload or sync their sales calls, and we generate transcripts, scoring, and coaching feedback. Because that data is sensitive, this page lays out exactly how we handle it today — including what we don't do yet.
Data we store
- Transcripts and scoring output. When a call is processed, we store the transcript and the structured scoring result against your playbook. These are the artifacts the product is built around.
- Raw audio. Recordings are processed but not retained by default. If you upload a file directly, it is held in object storage only until transcription completes and is then deleted. If you sync from a source system (e.g. Gong, Chorus), the original recording stays in that system.
- Frameworks and playbooks. Your custom scorecards and rubrics are stored as structured text in our database, scoped to your workspace.
- Account and billing data. Name, email, organization, and the metadata needed to manage your subscription. See our Privacy Policy for the full list.
Encryption
- In transit. All traffic to Salesy is encrypted with TLS 1.2 or higher.
- At rest. Customer data is stored in Postgres on AWS, on volumes encrypted with AES-256.
- Secrets. Third-party integration tokens, API keys, and other sensitive credentials are encrypted at the application layer before being written to the database.
Access control and tenant isolation
- Every row of customer data is scoped to a workspace and protected by row-level security. A user in one workspace cannot read another workspace's data.
- Salesy staff do not query customer transcripts in the course of normal operations. Production database access is limited to a small on-call group, requires SSO and MFA, and is logged.
- We use role-based access inside your workspace so you can decide who can manage integrations, who can view recordings, and who can edit frameworks.
Integrations
Salesy requests read-only OAuth scopes by default on every CRM and conversation-intelligence integration. Write scopes — for example, pushing call notes back into Salesforce or HubSpot — are opt-in per workspace and disabled until you turn them on. You can revoke an integration at any time from the workspace settings page.
Reporting a vulnerability
If you believe you have found a security issue, please email security@salesy.ai. We respond within one business day and will credit reporters in any public disclosure if you'd like. We don't currently run a paid bug bounty, but we welcome responsible disclosure.
Certifications
We are an early-stage company and are not yet SOC 2, HIPAA, or ISO 27001 certified. If your procurement team requires a specific control framework before evaluating Salesy, get in touch and we will share our current security questionnaire and roadmap.