Security

End of Line is built with security and data protection at its core. Your call data is sensitive — we treat it that way.

Data Encryption

In transit

All data transmitted between your browser, our API, and our infrastructure is encrypted using TLS 1.3. This includes:

  • Browser to API server communication
  • API server to database connections
  • API server to vector store (Qdrant) connections
  • API server to knowledge graph (Neo4j) connections
  • Worker to storage (S3) connections

At rest

All stored data is encrypted at rest using AES-256:

  • Call recordings — Stored in AWS S3 with server-side encryption (SSE-S3)
  • Database — PostgreSQL on AWS RDS with storage encryption enabled
  • Vector embeddings — Qdrant collections encrypted at the disk level
  • Knowledge graph — Neo4j data encrypted at the volume level

Tenant Isolation

End of Line uses a strict multi-tenant architecture where each customer's data is completely isolated:

  • Database isolation — Each tenant's data is stored with a tenant ID foreign key. All queries are automatically scoped to the authenticated tenant through middleware enforcement.
  • Vector store isolation — Each tenant has a separate Qdrant collection. Cross-tenant search is impossible at the storage level.
  • Knowledge graph isolation — Graph data is partitioned by tenant ID. All Cypher queries include tenant filtering.
  • Storage isolation — Call recordings in S3 are stored under tenant-specific prefixes with IAM-scoped access.

Tenant context is enforced at the API middleware level — every request is authenticated and scoped to a single tenant before reaching any business logic.
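
One way the middleware-enforced scoping described above can look in code, as an added example (not End of Line's own code). The `calls` table, the `tenants/<id>/` key layout, the `calls_<id>` collection naming and all class names are assumptions, and SQLite stands in for PostgreSQL.

```python
import re
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantContext:
    """Built once by auth middleware from the verified token, never from request input."""
    tenant_id: str

    def __post_init__(self):
        # A strict ID format keeps the ID safe to embed in prefixes and collection names.
        if not re.fullmatch(r"[a-z0-9_-]{1,64}", self.tenant_id):
            raise ValueError("invalid tenant id")

    def collection(self) -> str:
        return f"calls_{self.tenant_id}"  # hypothetical per-tenant collection name

    def s3_key(self, name: str) -> str:
        # Reject names that could climb out of the tenant's prefix.
        if not name or name.startswith("/") or ".." in name.split("/"):
            raise ValueError("invalid object name")
        return f"tenants/{self.tenant_id}/{name}"  # hypothetical key layout


class ScopedCalls:
    """Data access that cannot be constructed without a tenant context."""

    def __init__(self, db: sqlite3.Connection, ctx: TenantContext):
        self._db, self._ctx = db, ctx

    def list_calls(self):
        return self._db.execute(
            "SELECT id, title FROM calls WHERE tenant_id = ? ORDER BY id",
            (self._ctx.tenant_id,)).fetchall()

    def get_call(self, call_id: int):
        # Filter on id AND tenant_id: a guessed id from another tenant returns None.
        return self._db.execute(
            "SELECT id, title FROM calls WHERE id = ? AND tenant_id = ?",
            (call_id, self._ctx.tenant_id)).fetchone()


def demo_db() -> sqlite3.Connection:
    # Constructed sample data: two tenants, three calls.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calls (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT)")
    db.executemany("INSERT INTO calls VALUES (?, ?, ?)",
                   [(1, "acme", "Q1 renewal"), (2, "globex", "Onboarding"), (3, "acme", "Support")])
    return db
```

Business logic only ever receives a `ScopedCalls` instance, so a handler has no way to issue an unscoped query or build a key under another tenant's prefix.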

Authentication & Access Control

  • User authentication — Powered by Stack Auth with secure JWT tokens. Supports email/password and social login (Google, GitHub).
  • Organization-based access — Users belong to organizations (tenants). Switching organizations requires re-authentication.
  • API key authentication — For server-to-server integration. API keys are hashed at rest and can be revoked instantly.
  • Role-based access — Organization owners can manage team member permissions.

Infrastructure Security

  • AWS infrastructure — All infrastructure runs on AWS (us-east-1) with VPC isolation, security groups, and IAM roles.
  • No public database access — PostgreSQL, Qdrant, and Neo4j are accessible only within the VPC or through authenticated API endpoints.
  • Automated backups — Database backups run daily with 30-day retention. Point-in-time recovery is enabled.
  • Monitoring — Infrastructure is monitored with CloudWatch alerts for anomalous activity.

Compliance

SOC 2 Readiness

End of Line follows SOC 2 Type II principles for security, availability, and confidentiality:

  • Access controls and authentication on all systems
  • Encryption of data in transit and at rest
  • Audit logging of all administrative actions
  • Incident response procedures documented and tested
  • Regular vulnerability assessments

GDPR Readiness

End of Line supports GDPR compliance for customers handling EU personal data:

  • Data portability — Export all your data via API or CSV at any time
  • Right to deletion — Request deletion of all tenant data including recordings, transcripts, and derived data
  • Data processing agreement — Available for Business and Enterprise customers
  • Data residency — Currently US East (us-east-1). EU data residency available for Enterprise customers on request.

Data Retention

  • Active accounts — Data is retained for as long as your account is active
  • Cancelled accounts — Data is retained for 90 days after cancellation, then permanently deleted
  • Deletion requests — Data deletion requests are processed within 30 days

Security Reporting

If you discover a security vulnerability, please report it responsibly by emailing security@endofline.ai. We take all reports seriously and will respond within 48 hours.