Back to Home

Security & Compliance

MSP Triage is built for MSPs that handle sensitive client environments. Security is not a checkbox — it is a design requirement. Every component of the platform is built around the principle that your call data and your clients' data belongs to you, not to us.

GDPR Compliance and EU Data Residency

MSP Triage is headquartered in Brașov, Romania — within the European Union. Our infrastructure operates under EU data protection law, and we comply fully with the General Data Protection Regulation (GDPR). Call data, transcripts, and ticket content are processed and stored within the EU by default. We do not route your data through jurisdictions that lack adequate protection without appropriate safeguards in place.

We maintain a Data Processing Agreement (DPA) that documents our obligations as a data processor under GDPR Article 28. Enterprise customers can request a signed DPA as part of their onboarding.

No Training on Your Call Data

MSP Triage does not use your call recordings, transcripts, or ticket data to train AI models — ours or anyone else's. The conversations your clients have with the AI voice agent are used solely to generate the ticket for that call and to provide you with analytics. They are never fed into model training pipelines.

This policy applies to all plans. There is no opt-in required and no additional contract language needed to enforce it.

Encryption in Transit and at Rest

All data transmitted between callers, the MSP Triage platform, and your PSA is encrypted using TLS 1.2 or higher. Call recordings and transcripts stored on our platform are encrypted at rest using AES-256. Webhook payloads sent to your PSA are transmitted over HTTPS with configurable signing secrets so you can verify payload authenticity on your end.

API keys and integration credentials are stored encrypted and are never logged or exposed in plain text in any system output.

SOC 2-Ready Infrastructure

MSP Triage is built on infrastructure designed to meet SOC 2 Type II requirements. Our access control model follows the principle of least privilege. Production systems are isolated from development environments. Access to customer data requires multi-factor authentication and is logged for audit purposes.

We perform regular vulnerability assessments and maintain an incident response plan that meets the notification requirements of GDPR Article 33 (72-hour breach notification to supervisory authorities).

Call Data Retention and Deletion

Call recordings are retained for 90 days by default. Transcripts and ticket metadata are retained for the duration of your subscription plus 24 months for legal compliance purposes. You can request early deletion of any specific call recording or transcript at any time by contacting [email protected].

When you close your MSP Triage account, all associated call data is deleted within 30 days. A deletion confirmation is available upon request.

Questions and Security Contact

If you have security questions, need our DPA, or wish to report a potential vulnerability, contact us at:

MSP Triage
Email: [email protected]
Address: Strada Ghimbavului 58, Cristian 507055, Romania, EU