Question 1

Is Pyrexa HIPAA compliant?

Accepted Answer

Growth, Pro, Scale, and Enterprise plans support HIPAA-ready configurations with a signed BAA, end-to-end encryption (TLS 1.3 in transit, AES-256 at rest), and audit logging. SOC 2 Type II readiness is in progress.

Question 2

How does Pyrexa store call recordings and transcripts?

Accepted Answer

All recordings and transcripts are encrypted at rest with per-tenant keys. Retention is configurable per business; default is 90 days. Customers on Enterprise can elect zero-retention mode where audio is deleted within 60 seconds of transcription.

Question 3

Where is my data stored?

Accepted Answer

Pyrexa is hosted on AWS with multi-region deployment and automatic failover. By default data is stored in the United States (us-east-1 / us-west-2). EU residency is available on Enterprise.

Question 4

How does Pyrexa handle two-party consent recording laws?

Accepted Answer

Pyrexa detects the caller's state automatically and inserts a recording-consent prompt before any audio is captured in two-party-consent jurisdictions. One-party-consent states use the silent default unless the business opts in to consent prompts.

Question 5

Does Pyrexa store credit card data?

Accepted Answer

No. All payments are processed exclusively by Stripe; Pyrexa never receives or stores PAN data. Our PCI-DSS scope is therefore zero.

Question 6

What does Pyrexa Shield do?

Accepted Answer

Pyrexa Shield is an inbound anti-spam and scam filter that drops bad calls before they reach a human or an AI agent. It uses caller-reputation signals, voice fingerprinting, and call-pattern anomaly detection.

Question 7

Can I export or delete my data?

Accepted Answer

Yes. Data export and deletion are self-service from the portal under Settings → Privacy. CCPA and GDPR data-subject requests are processed within 30 days.

Question 8

Are outbound calls TCPA compliant?

Accepted Answer

Yes. Pyrexa requires verifiable opt-in for any outbound contact, enforces quiet-hours by default (8am–9pm caller-local), and maintains a per-tenant Do Not Call list.

Severity	Payout	Examples
Critical	Recognition + reward by severity	Remote code execution, authentication bypass
High	Recognition + reward by severity	Privilege escalation, data exposure
Medium	Recognition	Cross-site scripting, CSRF
Low	Recognition	Information disclosure, best practice violations

Priority	Response	Resolution
P0(Critical)	15 min	4 hours
P1(High)	1 hour	8 hours
P2(Medium)	4 hours	24 hours
P3(Low)	24 hours	72 hours

Security isn't a feature.
It's the foundation.

Enterprise-grade infrastructure

Comprehensive regulatory compliance

SOC 2 Compliance

Your data, fully protected

Encryption at Rest

Encryption in Transit

Call Recording

Defense in depth

RBAC

MFA

Audit Logs

SSO

We actively invite security researchers

Guaranteed response times

Your data stays where you need it

US

EU

Custom

Questions about security?

Security isn't a feature.It's the foundation.