Enterprise Security

Your Data. Your Control.

Bank-grade encryption. HIPAA-ready architecture. Built for businesses that can't afford security risks.

End-to-End Encrypted
HIPAA-Ready
SOC 2 Infrastructure
99.99% Uptime

Powered by industry leaders

Google Cloud
AWS
Twilio
Stripe
SOC 2
Google Cloud
AWS
Twilio
Stripe
SOC 2
Compliance & Standards

Built on infrastructure that meets the highest global standards

SOC 2 Type IIISO 27001HIPAA-ReadyGDPR Compliant

Compliance certifications refer to underlying infrastructure providers including Retell AI, Google Cloud, and AWS. Lyra operates under their certified frameworks with end-to-end controls layered on top.

Security

Built with enterprise-grade protection

Every layer of Lyra is designed to keep your data safe and your business compliant.

Military-Grade Encryption

Every call is encrypted end-to-end. No exceptions.

AES-256
Encryption
TLS 1.3
In Transit
Zero
Plaintext

We Don't Keep Your Data

Call recordings go directly to YOUR systems. We never store copies.

  • Recordings saved to your storage
  • Customer data syncs to your CRM
  • Temporary processing data deleted within 24 hours
  • Full data portability on demand
99.99%

Uptime SLA

Multi-region redundancy with automatic failover

BAA Available for Healthcare

Business Associate Agreement included for qualified medical practice accounts

BAAPHI ProtectionAudit Trails

Compliance Coverage

HIPAA, GDPR, and state call recording laws — covered automatically

Data Flow

Where your data actually goes

01

Customer calls your number

Incoming call hits our encrypted infrastructure powered by Retell AI's HIPAA-compliant voice platform.

02

Lyra answers and handles the call

AI processes in real time using HIPAA-compliant language models. Zero PHI training. Zero data retention beyond your retention policy.

03

Data syncs to your systems

Call summaries, transcripts, and customer information flow directly to your CRM, EHR, or destination of choice. We don't keep copies.

04

Audit trail logged

Every action is logged with timestamps, user identity, and access patterns for full compliance traceability.

You're In Control

  • Choose where recordings are stored
  • Decide who can access calls
  • Set your own retention periods
  • Delete everything anytime
  • Full data export on demand
  • Custom redaction rules for sensitive fields

What We Can't Do

  • Listen to your calls
  • Access your customer data
  • Share your information
  • Use calls for model training
  • Sell or monetize your data
  • Operate without your consent

Infrastructure

99.99% uptime SLA
SOC 2 certified
HIPAA telephony
Multi-region backup
Healthcare

HIPAA compliance built in

Lyra is purpose-built for medical, dental, and clinical practices that need to automate calls without compromising patient privacy.

Business Associate Agreement

BAA available for every qualified medical practice account. Executed during white-glove onboarding.

Encrypted Patient Data

PHI stays protected with AES-256 encryption at rest and in transit. End-to-end protection across the entire call lifecycle.

Access Controls

Role-based permissions — you decide who accesses patient calls. Multi-factor authentication enforced for all admin accounts.

Audit Logs

Complete trail of every access to patient information. HIPAA-compliant logging with immutable records.

Secure Integrations

Works with athenahealth, Epic, Kareo, OpenDental, ChiroTouch, and more — all under HIPAA-compliant data flows.

Custom HIPAA Onboarding

1-2 week white-glove implementation includes BAA execution, PHI flow review, security training, and compliance documentation.

FAQ

Security questions

Questions About Security?

We're here to help. Let's talk about keeping your data safe.