How Mesa for Public Records saved the San Francisco Assessor-Recorder 128,000 staff hours. Read the case study

Security

For the most sensitive records in the country.

Government data requires more than industry-standard protection. Caldera is built to the bar set by the institutions we serve.

Visit the trust center

Agencies hold the most sensitive information in the country — about their residents, their staff, their operations. Our design choices start there.

Enterprise-grade protection

What we do on every deployment.

Dedicated security ownership

A named owner on our engineering team runs the security program end to end. Our on-call rotation covers reliability and security together, with 24/7 coverage and automated paging on anomalies.

Data sovereignty and control

You keep control of your data. Choose your deployment region, set retention policies, and know where your records sit at every step of the workflow.

Never used to train AI

Customer data is contractually prohibited from training any model — ours or any AI vendor's.

Least-privilege access

Internal access to customer data is scoped under least-privilege, with all reads recorded to a tamper-evident audit trail.

Enterprise-grade defaults

SSO, fine-grained roles, retention schedules, legal holds, and a full audit trail are included out of the box — not gated behind an enterprise tier.

Independently tested

We partner with an independent firm on our SOC 2 Type II audit and publish our security posture through a public trust center. Full documentation is available to prospective customers under NDA.

AI governance

AI, with a contract behind it.

The fast-moving part of our stack sits behind the same vendor terms, access controls, and change management as the boring part. Commitments made to us by every AI provider flow through to you in our contracts.

Contractual no-training

Every AI vendor we use is contractually prohibited from training on customer data. Those commitments flow through into your Caldera contract, not just ours with the vendor.

Governed model set

The AI models Caldera is authorized to use on your data are explicit, versioned, and visible to your administrators in-product. Changes go through change control and appear in your audit trail.

Compliance & attestations

What’s in place today, and what’s being attested next.

We draw a clear line between controls we run today and reports a third party has issued about them. Both matter — and we won’t conflate the two.

SOC 2 Type II

Audit in progress

We are inside the observation window for our SOC 2 Type II audit with an independent firm. The report will be available through the trust center on completion. Our SOC 2 Type I report is available today, under NDA.

WCAG 2.2 AA

Implemented

Resident-facing surfaces — public records portals, response documents, and other constituent-facing deliverables — are built and continuously tested to WCAG 2.2 AA. Accessibility is part of our release process, not a final step.

Data residency

Available

Customer data lives in US regions, inside dedicated environments our team manages. Residency and region choices are set at deployment and do not change silently.

Formal documentation is available to prospective customers through trust.calderapbc.com.

FAQ

The questions we hear from security teams.

Customer data is anything your agency uploads, sends, or produces through the platform — source records, responses, transcripts, and the content of any conversation with our AI agents. It does not include anonymized telemetry we use to keep the service running.

Bring your security team to the first call.

Our trust center has our security documentation. If your team has questions it doesn’t answer, we’re happy to walk through them in person.
