Security at Earshot
Last updated: June 2, 2026
Security Overview
Earshot is built with security at its core. We understand that our platform handles sensitive business intelligence, worker information, and lead data — and we take that responsibility seriously. This page outlines the technologies, practices, and policies we use to keep your information safe.
We follow industry best practices and continuously evaluate our security posture to protect against emerging threats. Our goal is to provide a platform you can trust with your most valuable data.
Encryption
All data is encrypted both in transit and at rest:
- TLS 1.3: All data transmitted between your browser, our servers, and third-party services is protected with industry-standard Transport Layer Security (TLS 1.3). This prevents your information from being read or tampered with while in transit.
- Encryption at rest: All stored data — including lead records, worker information, messages, and user credentials — is encrypted using AES-256 encryption. This protects your data even in the unlikely event of unauthorized physical access to our infrastructure.
- End-to-end SMS security: Messages sent via our SMS provider (Twilio) are transmitted over encrypted channels from the moment they leave a worker's phone until they reach our platform.
Authentication & Access Control
We employ multiple layers of authentication to ensure only authorized users can access your data:
- Secure password storage: All passwords are hashed using bcrypt, a salted, adaptive password-hashing algorithm. We never store plain-text passwords and cannot retrieve them.
- Social authentication: We support Google OAuth for secure, passwordless sign-in. This leverages Google's enterprise-grade security infrastructure and reduces phishing risk.
- Session management: Sessions are managed with cryptographically secure tokens, automatic expiration, and device-based invalidation.
- Role-based access control (RBAC): Platform permissions are strictly enforced. Company admins can only access their own organization's data. Workers can only see their own submissions and leaderboard standings. No user can access another organization's information.
- Row Level Security (RLS): Every database query is validated against the requesting user's identity. Even at the database layer, users can only access rows they are explicitly authorized to see.
Database Security
Your data lives in a managed backend infrastructure built on enterprise-grade database technology with the following protections:
- Isolated environments: Production data is strictly separated from development and staging environments.
- Automated backups: Regular encrypted backups ensure data can be recovered in the event of an incident.
- Point-in-time recovery: Our database supports recovery to any point in time within the retention window, minimizing data loss risk.
- Connection security: All database connections require TLS encryption and authenticated credentials. Direct public access to the database is not permitted.
- Audit logging: Database access is logged for security monitoring and compliance purposes.
Infrastructure Security
Earshot runs on modern, secure cloud infrastructure:
- Distributed architecture: Our application is deployed on a globally distributed edge network, reducing latency while maintaining security boundaries.
- DDoS protection: Built-in protection against distributed denial-of-service attacks ensures the platform remains available under stress.
- Network isolation: Internal services communicate over private, encrypted networks. Public exposure is limited to only the necessary endpoints.
- Dependency management: We regularly audit and update our dependencies to patch known vulnerabilities promptly.
SMS & Communication Security
Earshot's core functionality relies on SMS, and we secure those communications end-to-end:
- Trusted carrier partner: We use Twilio, a leading enterprise communications platform with SOC 2 Type II certification, to send and receive all text messages.
- Verified sender number: All outbound SMS messages are sent from a single, verified toll-free number: (571) 290-2966. This helps workers recognize legitimate Earshot communications.
- Message content protection: Lead messages submitted via SMS are immediately encrypted and stored securely. Message content is never shared with unauthorized parties.
- Opt-out controls: Workers can stop all SMS communications at any time by replying "STOP," which is honored immediately across the platform.
AI & Data Processing
Our AI systems parse and structure lead information from conversational text. We handle this process with the same security standards as all other platform data:
- No training on your data: Lead content submitted through Earshot is not used to train or improve third-party AI models. Your business intelligence stays yours.
- Encrypted processing: AI processing occurs over encrypted connections, and any temporary processing data is discarded immediately after the structured lead is extracted.
- Output validation: Parsed lead data is validated for completeness and accuracy before being stored or routed to your team.
Monitoring & Incident Response
We maintain active monitoring to detect and respond to security events:
- Continuous monitoring: Automated systems monitor for anomalous access patterns, failed authentication attempts, and other indicators of compromise.
- Incident response plan: We have a documented incident response procedure with defined roles, escalation paths, and communication protocols.
- Notification policy: In the event of a security incident affecting your data, we will notify affected users promptly and provide guidance on protective steps.
Security Practices & Compliance
Our internal security culture supports the technical safeguards we deploy:
- Least-privilege access: Earshot employees have access to production systems only when necessary and with appropriate approvals. Access is logged and regularly reviewed.
- Secure development lifecycle: Code changes are reviewed, tested, and deployed through automated pipelines with security checks at every stage.
- Third-party assessments: We periodically engage independent security professionals to evaluate our platform and recommend improvements.
- Vendor security: All third-party service providers are vetted for security practices and bound by contractual data protection obligations.
Your Responsibilities
Security is a shared responsibility. We encourage all users to take the following steps to protect their accounts:
- Use a strong, unique password for your Earshot account.
- Enable Google OAuth sign-in for an additional layer of security.
- Do not share your login credentials with others.
- Log out of shared or public devices after use.
- Report suspicious activity to [email protected] immediately.
Contact Us
If you have questions about our security practices, want to report a vulnerability, or need more information about how we protect your data, please contact us:
We take all security inquiries seriously and will respond as quickly as possible.
