One Dash Zero is built on a zero-server, serverless architecture powered by Cloudflare Workers. This document outlines the security measures that protect your data at every layer of the platform.
☁ Infrastructure
- One Dash Zero runs entirely on Cloudflare Workers, a serverless edge computing platform. There are no servers, VMs, or containers to hack, patch, or misconfigure. All code runs in isolated V8 sandboxes with zero shared state.
- Cloudflare’s global network — Protected by enterprise-grade DDoS mitigation, Web Application Firewall (WAF), and a global edge network spanning 300+ data centers worldwide.
- Database security — Data is stored in Cloudflare D1, encrypted at rest on Cloudflare’s infrastructure. No exposed database ports and no direct internet access to the database.
🔒 Encryption
- TLS 1.3 in transit — All data in transit is encrypted using TLS 1.3. There are no unencrypted connections.
- Field-level encryption at rest — Beyond Cloudflare’s platform encryption of the database, the third-party credentials you connect (e-commerce, CRM, calendar, and webhook tokens) are encrypted field-by-field with AES-256-GCM before they are written to the database, using a key held as a Worker secret separate from the database.
- Secrets management — Platform API keys are stored as encrypted Cloudflare Worker secrets, never in source code. Encrypted database backups use the same AES-256-GCM encryption.
👤 Authentication & Access Control
- No passwords stored — Login uses one-time email verification codes, eliminating the risk of password database breaches.
- Secure sessions — Session cookies use HttpOnly, Secure, and SameSite=Strict flags and expire automatically.
- Tenant isolation — Each account can only access its own data through authenticated, session-scoped API calls. Isolation is covered by an automated test suite (Playwright tenant-isolation tests) that runs on changes.
- Sign-in uses email one-time codes — there are no passwords to breach, and every login requires access to your email account. Two-factor authentication via authenticator app (TOTP) is available.
- Administrative audit trail — Administrative actions (account changes, agent deletions, access-token issuance) are recorded to an append-only audit log; entries are never overwritten.
🤖 AI & Voice Processing
- Voice calls — Processed through ElevenLabs (voice AI) and Twilio (telephony — SOC 2, HIPAA-eligible, PCI DSS). Inbound post-call webhooks are HMAC-signature-verified (rejected fail-closed on a missing or invalid signature), and each agent’s tool callbacks authenticate with a per-agent encrypted credential — one tenant’s agent cannot invoke another tenant’s tools.
- Prompt-injection resistance — Every voice and chat agent runs a hardened system-prompt block (“Scope & Integrity”) that refuses jailbreak attempts — word-substitution, letter and homophone games, and code-word tricks — while still allowing legitimate read-backs (name, phone, email, booking code). Shipped across all agents, on both phone and web surfaces. These are real controls, not a claim of comprehensive AI safety.
- Chat & text AI — Powered by Anthropic’s Claude. Conversations are processed in real time and, per Anthropic’s commercial terms, are not used to train models. ElevenLabs voice processing is governed by its vendor terms.
- Call recordings — Disabled by default. When enabled, recordings are stored securely and accessible only to the account owner.
💳 Payment Security
- Stripe handles all payment data — One Dash Zero never sees, processes, or stores credit card numbers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor.
- No financial data on our systems — Subscription management, billing, and refunds are processed entirely through Stripe’s secure infrastructure.
🌐 Subprocessors
- Cloudflare (compute, database, storage, CDN/DDoS) — SOC 2 Type II, ISO 27001, PCI DSS.
- Anthropic (LLM for chat & content) — SOC 2 Type II; no training on API data per commercial terms.
- ElevenLabs (voice AI) — DPA available; see vendor terms.
- Twilio (telephony, SMS, WhatsApp) — SOC 2, HIPAA-eligible, PCI DSS.
- Stripe (payments) — PCI DSS Level 1, SOC 2.
- SendLayer (transactional email) — TLS; DPA per vendor.
- OpenAI (image generation, optional feature) — operator-typed text prompts only; not part of the core receptionist data flow; API data not used for training per vendor.
- Google Places, Google Calendar, Microsoft Graph (Outlook), Cal.com (address lookup & appointment booking) — under each provider’s terms / DPA.
- Meta (Facebook/Instagram inbound & social publishing) — under Meta’s platform terms.
- Apple (push notifications via APNs for iOS devices) — device push tokens & notification payloads; under Apple Developer terms / DPA.
- Retell AI is no longer used (voice is ElevenLabs). Northwest Registered Agent is a corporate registered agent, not a data subprocessor.
📜 Compliance & Privacy
- Privacy rights — We support data subject requests (access, deletion, correction). See the data deletion item below.
- Data deletion — Account data is retained while your account is active. Deletion requests are currently handled manually, case by case — a self-serve erasure workflow is in development. Production data is removed on request; encrypted backups age out on the normal rotation (7-day rolling dumps, 30-day weekly snapshots) and are then deleted automatically.
- Transparency — Our Privacy Policy and Terms of Service detail what data we collect and how it is used.
- Responsible disclosure — Security researchers can report vulnerabilities to security@onedashzero.ai; we acknowledge reports and remediate. See /.well-known/security.txt.