Zero Servers.
Zero Attack Surface.

How We Protect Your Data

Every layer of One Dash Zero is built with security as a foundation, not an afterthought.

☁ Infrastructure

• No servers to breach — One Dash Zero runs entirely on Cloudflare Workers, a serverless edge computing platform. There are no servers, VMs, or containers to hack, patch, or misconfigure. All code runs in isolated V8 sandboxes with zero shared state.
• Cloudflare’s global network — Protected by enterprise-grade DDoS mitigation, Web Application Firewall (WAF), and a global edge network spanning 300+ data centers worldwide.
• Database security — Data is stored in Cloudflare D1, encrypted at rest on Cloudflare’s infrastructure. No exposed database ports and no direct internet access to the database.

🔒 Encryption

• TLS/HTTPS everywhere — All data in transit is encrypted using TLS 1.3. There are no unencrypted connections, no exceptions.
• No data passes through One Dash Zero servers — because there are none. All traffic flows through Cloudflare’s encrypted edge infrastructure.
• Secrets management — API keys and integration credentials are stored as encrypted Cloudflare Worker secrets, never in source code or plaintext configuration files.

👤 Authentication & Access Control

• No passwords stored — Login uses one-time email verification codes, completely eliminating the risk of password database breaches.
• Secure sessions — Session cookies use secure, httpOnly, and sameSite flags to prevent interception and cross-site attacks.
• Per-account data isolation — Each agent and client can only access their own data through authenticated API calls. No shared data access between accounts.

🤖 AI & Voice Processing

• Voice calls — Processed through Retell AI (SOC 2 compliant) and Twilio (SOC 2, HIPAA eligible, PCI DSS compliant). Call data is not used to train AI models.
• Chat & text AI — Powered by Anthropic’s Claude. Conversations are processed in real time and are not used for model training.
• Call recordings — Disabled by default. When enabled, recordings are stored securely and accessible only to the account owner.

💳 Payment Security

• Stripe handles all payment data — One Dash Zero never sees, processes, or stores credit card numbers. All payment processing is handled by Stripe, a PCI Level 1 certified payment processor.
• No financial data on our systems — Subscription management, billing, and refunds are processed entirely through Stripe’s secure infrastructure.

🌐 Vendor Security

• Cloudflare — SOC 2 Type II, ISO 27001, PCI DSS certified. Provides hosting, DNS, CDN, DDoS protection, and database services.
• Twilio — SOC 2, HIPAA eligible, PCI DSS compliant. Provides telephony, SMS, and WhatsApp messaging.
• Stripe — PCI Level 1 certified. Handles all payment processing and subscription billing.
• Anthropic (Claude) — SOC 2 Type II certified. Provides AI language processing for chat and research features.
• Retell AI — SOC 2 compliant. Provides voice AI agent infrastructure.

📜 Compliance & Privacy

• CCPA/CPRA — We honor California consumer privacy rights including data access, deletion, and opt-out requests.
• GDPR — We support data subject rights for EU residents including access, rectification, erasure, and portability.
• Data retention — Account data is retained only as long as the account is active. Upon deletion, all associated data is permanently removed.
• Transparency — Our Privacy Policy and Terms of Service detail exactly what data we collect and how it is used.

Have Security Questions?

We are happy to answer any security questions or provide additional documentation for your compliance needs.

Email: dash@1-0.dev