Skip to main content
GreetQ

Security & compliance

How GreetQ supports regulated and high-trust buyers in Canada and the United States. This page explains our controls — it is not legal advice.

Canadian privacy (PIPEDA)

GreetQ Inc. is based in Vancouver, British Columbia, Canada. We handle personal information under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), with org-scoped data isolation, access controls, export, and deletion on request. You are responsible for telling callers when calls are recorded and obtaining consent where required.

CASL & outbound communications

Outbound voice and SMS campaigns require documented consent before contact, quiet-hours enforcement, and do-not-call list support. These controls align with Canada's Anti-Spam Legislation (CASL). US customers with US lists may additionally configure TCPA-oriented consent fields.

BC health-sector clients

Clinics and dental practices in British Columbia can use Enterprise plans for controls aligned with provincial health privacy expectations, including configurable retention and audit logging. Review your own professional obligations before routing patient information through any third-party system.

US HIPAA (Enterprise, optional)

For US healthcare customers, HIPAA mode is available on Enterprise with a signed Business Associate Agreement (BAA). Not all integrations are HIPAA-eligible — review your stack before enabling PHI workflows.

Infrastructure

Hosted on Vercel with HTTPS everywhere. Database and auth via Supabase with row-level security per organization. Service-role operations are limited to server-side API routes.

SSO (Enterprise)

Enterprise SSO supports SAML 2.0 and OpenID Connect, including common identity providers such as Google Workspace and Microsoft Entra ID. Contact sales for setup guides and metadata exchange.

Audit logs

Dashboard changes to agents, settings, API keys, and team membership are recorded in org-scoped audit logs. Call intelligence (summary, sentiment, quality score) is stored per call for review.

Data retention

Recording retention is configurable per organization. Transcripts and call metadata are retained according to your plan settings. Request deletion via Help & contact.

See also Privacy Policy and Terms of Service. Enterprise security reviews: contact sales.