One Dash Zero is built on a zero-server, serverless architecture powered by Cloudflare Workers. This document outlines the security measures that protect your data at every layer of the platform.
☁ Infrastructure
- No servers to breach — One Dash Zero runs entirely on Cloudflare Workers, a serverless edge computing platform. There are no servers, VMs, or containers to hack, patch, or misconfigure. All code runs in isolated V8 sandboxes with zero shared state.
- Cloudflare’s global network — Protected by enterprise-grade DDoS mitigation, Web Application Firewall (WAF), and a global edge network spanning 300+ data centers worldwide.
- Database security — Data is stored in Cloudflare D1, encrypted at rest on Cloudflare’s infrastructure. No exposed database ports and no direct internet access to the database.
🔒 Encryption
- TLS/HTTPS everywhere — All data in transit is encrypted using TLS 1.3. There are no unencrypted connections, no exceptions.
- No data passes through One Dash Zero servers — because there are none. All traffic flows through Cloudflare’s encrypted edge infrastructure.
- Secrets management — API keys and integration credentials are stored as encrypted Cloudflare Worker secrets, never in source code or plaintext configuration files.
👤 Authentication & Access Control
- No passwords stored — Login uses one-time email verification codes, completely eliminating the risk of password database breaches.
- Secure sessions — Session cookies use secure, httpOnly, and sameSite flags to prevent interception and cross-site attacks.
- Per-account data isolation — Each agent and client can only access their own data through authenticated API calls. No shared data access between accounts.
🤖 AI & Voice Processing
- Voice calls — Processed through Retell AI (SOC 2 compliant) and Twilio (SOC 2, HIPAA eligible, PCI DSS compliant). Call data is not used to train AI models.
- Chat & text AI — Powered by Anthropic’s Claude. Conversations are processed in real time and are not used for model training.
- Call recordings — Disabled by default. When enabled, recordings are stored securely and accessible only to the account owner.
💳 Payment Security
- Stripe handles all payment data — One Dash Zero never sees, processes, or stores credit card numbers. All payment processing is handled by Stripe, a PCI Level 1 certified payment processor.
- No financial data on our systems — Subscription management, billing, and refunds are processed entirely through Stripe’s secure infrastructure.
🌐 Vendor Security
- Cloudflare — SOC 2 Type II, ISO 27001, PCI DSS certified. Provides hosting, DNS, CDN, DDoS protection, and database services.
- Twilio — SOC 2, HIPAA eligible, PCI DSS compliant. Provides telephony, SMS, and WhatsApp messaging.
- Stripe — PCI Level 1 certified. Handles all payment processing and subscription billing.
- Anthropic (Claude) — SOC 2 Type II certified. Provides AI language processing for chat and research features.
- Retell AI — SOC 2 compliant. Provides voice AI agent infrastructure.
📜 Compliance & Privacy
- CCPA/CPRA — We honor California consumer privacy rights including data access, deletion, and opt-out requests.
- GDPR — We support data subject rights for EU residents including access, rectification, erasure, and portability.
- Data retention — Account data is retained only as long as the account is active. Upon deletion, all associated data is permanently removed.
- Transparency — Our Privacy Policy and Terms of Service detail exactly what data we collect and how it is used.