Security at Spaces: How We Protect Your Information
At Spaces, security, privacy, and reliability are at the core of everything we do. We understand that our customers entrust us with sensitive information, and we are committed to protecting that data through enterprise-grade security practices, rigorous compliance standards, and transparent communication.
Below is a comprehensive overview of how we protect your data across our infrastructure, application, integrations, and payment systems.
Infrastructure Security
We host Spaces on Amazon Web Services (AWS), a cloud provider trusted by leading organizations worldwide for its secure infrastructure and extensive compliance certifications.
All communications are encrypted using 256-bit AES encryption.
Your data is stored across redundant, geographically diverse databases to ensure both high availability and disaster recovery.
Data Protection & Privacy
Automatic Backups: Daily backups of all databases and hourly backups of critical systems.
Data Retention: Your data is retained only as long as you need it. You’re in full control.
Privacy Compliance: We support privacy regulations such as the California Consumer Privacy Act (CCPA). You can request deletion of your data at any time by contacting our Support Team.
Email & Calendar Access
If you connect your Google or Microsoft account, Spaces may access limited email and calendar data to enable powerful CRM features, including:
1. Reading calendar events to help you prepare for upcoming client meetings
2. Creating, updating, and deleting events based on automated workflows
3. Sending emails on your behalf using the Gmail API for follow-ups and communication
4. Retrieving client emails and associating them with contact records
We strictly comply with Google and Microsoft’s security policies, including:
1. OAuth authentication (token-based access)
2. Granular permission scopes (minimal data access)
Call Recordings
Spaces integrates with Fireflies.ai, an AI-powered meeting assistant used to record, transcribe, and summarize client meetings.
Fireflies is fully SOC 2 Type II and GDPR compliant
All call data is handled securely and used strictly for CRM insights and documentation
Learn more about Fireflies’ security here
Application Security
For messaging and voice communication, Spaces uses the OpenPhone API, a secure platform trusted by modern teams.
All messages and data in transit are encrypted using TLS (Transport Layer Security)
Voice calls are conducted via WebRTC, with signaling over WebSockets and TLS for secure, real-time communication
Data at rest is encrypted using AES-256, an industry-standard algorithm
OpenPhone maintains rigorous compliance standards to protect call and message data.
Payments & Billing
We use Stripe to handle all payments. Stripe is:
PCI DSS Level 1 certified, the highest level of certification in the payment industry
Trusted by thousands of companies worldwide for secure billing infrastructure
Your payment information is never stored on our servers.
Questions or Requests?
If you have questions about our security practices or would like to request access to or deletion of your data, please contact our Support Team. We're happy to assist.