Data protection by design

Security and Data Privacy

June's whole design is a small footprint: nothing recorded in front of your customer, nothing kept after the CRM write, and your system of record stays the only system of record.

Download the security overview (PDF)
Clink on thisContact security: it@calljune.ai
Enterprise data protection for voice AI sales data

How data moves through June

The rep calls June from their phone after a meeting. The call is processed in real time: June asks the questions, structures the answers, and writes the update to your CRM through its standard API with your own revocable credentials. Then cleanup runs: the call audio and transcript are deleted from our systems and from the voice platform. What persists is the structured update, living in your CRM, where you control retention, access, and compliance.

Step 1
Rep calls June
Step 2
Real-time processing
Step 3
CRM write (OAuth, your credentials)
Step 4
Audio and transcript deletedfrom CallJune and the voice platform
Step 5
Data lives only in your CRM(operational only)
Call ID and timestamps
Workflow routing state
Integration status
Audit events

What June never does

Never records your customer meeting

The rep calls June after the meeting, from the car or the office. The meeting itself is never recorded or monitored, and nothing is visible to your customer.

Never keeps recordings or transcripts

Call audio and transcripts are processed in real time and deleted after the CRM write completes.

Never trains AI on your data

API-tier agreements with our model providers prohibit training on customer data. Zero Data Retention agreements are available for enterprise customers.

Never stores passwords or runs a parallel database of your deals

Integrations use revocable tokens. Your CRM remains the single source of truth; we keep only limited operational metadata (call IDs, routing state, audit events).
Clink on thisSend us your security questionnaire: it@calljune.ai

Authentication and isolation

Phone-based two-factor authentication: the rep's registered phone number (calls from unrecognized numbers are not processed) plus a unique per-rep PIN validated before any processing begins. Every rep is scoped to their own CRM identity and can only touch records they own. Organizations are isolated at every layer.

Certifications, stated plainly

Every system in June's data path holds independent SOC 2 Type II certification: the orchestration platform, voice platform, hosting, and the database layer. Our AI model providers (Anthropic, OpenAI, Google) are SOC 2 Type II certified and do not train on API data. CallJune's own application-layer SOC 2 Type I is in progress, with Type II to follow. We say it that way because precision is the point of a security page.

Have a security review coming?

Download the overview PDF, or send your questionnaire to it@calljune.ai. We answer fast and in plain language.
Download the security overview (PDF)

Frequently asked questions

Does June record my customer meetings?
No, never. The rep calls June after the meeting. Your customer never sees or hears a tool.
What happens to the call audio and transcript?
Both are processed in real time and deleted once the structured update is written to your CRM. Reduced retention windows and deletion workflows can be configured on request, but deletion after the write is the default.
Where does our data live?
In your CRM, under your controls. CallJune keeps only limited operational metadata (call IDs, timestamps, routing state, audit events) needed to run the service.
Is CallJune SOC 2 certified?
Our entire infrastructure path (voice, hosting, database, AI providers) is SOC 2 Type II certified. CallJune's own application-layer SOC 2 Type I is in progress, with Type II planned after.
Do you store passwords for our CRM?
No. Integrations use OAuth tokens or scoped API keys you can revoke at any time.
Can you handle our security questionnaire?
Yes. Send it to it@calljune.ai. We support IT reviews, architecture questions, and NDA-gated detail.