Security Policy

Last updated: August 18, 2025

At Kalimna AI, we recognize the critical importance of security in handling voice data and customer information. Our security policy outlines the measures we take to protect your data and our systems while providing our Arabic AI voice agent services.

Security Infrastructure

Kalimna AI employs a comprehensive security infrastructure designed to protect all aspects of our service:

  • Physical Security: Our servers are hosted in Tier III or higher data centers with 24/7 security monitoring, biometric access controls, and redundant power systems.
  • Network Security: We implement advanced firewalls, intrusion detection systems, and regular vulnerability scanning to protect our network perimeter.
  • Application Security: Our applications undergo regular security testing, including penetration testing and code reviews to identify and address vulnerabilities.
  • Data Security: All data is encrypted both in transit (using TLS 1.2 or higher) and at rest (using AES-256 encryption).

Data Protection

We implement stringent data protection measures to safeguard your information:

  • Customer data is segregated and isolated to prevent unauthorized access
  • Regular backups are performed and securely stored with encryption
  • Voice recordings and transcripts are handled according to our data retention policies
  • Access to customer data is restricted to authorized personnel only, based on the principle of least privilege
  • All data access is logged and monitored for suspicious activities

Data Residency

To meet regional data sovereignty requirements, Kalimna AI maintains data centers within the Gulf region. Customer data is stored within your chosen country or region in compliance with local regulations. We offer options for data residency in:

  • Saudi Arabia
  • United Arab Emirates
  • Qatar
  • Bahrain
  • Kuwait
  • Oman

Access Controls

We implement strict access controls to protect your data:

  • Role-based access control (RBAC) for all systems and data
  • Multi-factor authentication for all employee and customer access
  • Regular access reviews and prompt deprovisioning of access when no longer needed
  • Secure VPN access for remote staff with encrypted connections
  • Comprehensive audit logging of all access and actions

Security Monitoring

Our security team continuously monitors our systems to detect and respond to security incidents:

  • 24/7 security monitoring of all systems and networks
  • Automated alerts for suspicious activities or potential security breaches
  • Regular security audits and vulnerability assessments
  • Continuous monitoring of emerging threats in the cybersecurity landscape

Incident Response

In the event of a security incident, we have a comprehensive incident response plan in place:

  • Dedicated incident response team with defined roles and responsibilities
  • Documented procedures for containment, eradication, and recovery
  • Regular testing of incident response capabilities through simulations
  • Commitment to timely customer notification in case of data breaches
  • Post-incident analysis to implement preventive measures

Employee Security

Our security measures extend to our personnel:

  • Background checks for all employees with access to sensitive systems
  • Mandatory security awareness training for all staff
  • Regular phishing simulations and security education
  • Confidentiality agreements for all employees and contractors

Compliance and Certifications

Kalimna AI maintains compliance with relevant security standards and regulations:

  • ISO 27001 Information Security Management System
  • SOC 2 Type II compliance
  • Adherence to GDPR principles and regional data protection laws
  • Regular third-party security audits and assessments

Third-Party Risk Management

We carefully evaluate and monitor the security practices of our vendors and partners:

  • Comprehensive security assessments for all third-party services
  • Contractual security and privacy requirements for vendors
  • Regular review of vendor security practices and compliance
  • Limitation of vendor access to only necessary data and systems

Security Updates

We maintain the security of our systems through:

  • Timely application of security patches and updates
  • Regular system hardening and configuration reviews
  • Automated vulnerability scanning and remediation
  • Secure development practices and code reviews

Customer Security Responsibilities

While we implement comprehensive security measures, customers are responsible for:

  • Maintaining the security of their account credentials
  • Configuring appropriate user access permissions within their organization
  • Promptly reporting suspected security incidents or unauthorized access
  • Ensuring their use of our services complies with applicable laws and regulations

Contact Us

If you have questions about our security practices or need to report a security concern, please contact:

[email protected]