Converse Logo
Security & Compliance

Data Isolation

Converse is a multi-tenant platform where many organizations share the same infrastructure. This page explains how your data is kept completely separate from every other organization's data.

The isolation model

Every piece of data in Converse belongs to an organization. Isolation is enforced at multiple independent layers — each sufficient on its own to prevent cross-tenant access:

1. Storage layer

All data storage enforces organization-level access controls. Queries are filtered by your organization's unique identifier at the storage layer itself — not just in application code. This means that even if an application-level bug existed, the storage layer would independently return no data for cross-organization queries.

2. Application layer

Every API request is authenticated and the caller's organization is resolved from their token. This resolved organization identifier is applied to every data operation. User-supplied input cannot override or substitute the organization identifier.

3. Call pipeline layer

When a voice or text session starts, the pipeline loads only the agents, flows, knowledge, and tools belonging to that session's organization. No resource from another organization is ever accessible within a running session, regardless of configuration.

What is isolated per organization

Agents & system prompts
Flows & node configurations
Phone channels & credentials
Knowledge base documents
Knowledge search indexes
Custom tools & webhooks
MCP server connections
Call history & transcripts
Campaign contacts & outcomes
Team members & roles
API keys
Activity & audit logs
Billing & usage data
Escalation rules & handoffs
Live call sessions

Knowledge base isolation

Knowledge base documents have two levels of isolation:

The knowledge search system is designed so that an organization identifier is always required. Searches without a valid organization cannot return results — they are rejected, not silently filtered.

Tool and integration isolation

Custom tools, webhooks, and MCP server connections are scoped to an organization. Within an organization, tools can be further restricted to specific agents. During a live call, the pipeline loads only tools explicitly assigned to the calling agent within the current organization. Tool definitions from other organizations are never visible or executable.

Campaign contact isolation

Campaign contacts are particularly sensitive — they contain personal phone numbers, names, and custom data. The isolation guarantees:

Credential security

Telephony provider credentials stored in channels are encrypted before being written to storage:

Access control

All access to organization data requires an authenticated session. Authentication is token-based with short-lived signed tokens. Tokens are verified before any data operation. Team member roles further restrict what each user can see and do within their organization — see Team & Access for details.

Independent verification

Organizations requiring independent verification of isolation guarantees can request access to our security documentation by contacting support. Enterprise accounts can arrange a dedicated technical security review.