Security

Last updated March 22, 2026

Summary: Your data and your customers' information deserve the highest level of protection. We've built June with security at its foundation.

1. Data Encryption

All data transmitted to and from June is encrypted using TLS 1.3. Data at rest is encrypted using AES-256, the same standard used by financial institutions and government agencies.

Call recordings and SMS message logs receive additional encryption layers and are stored in access-controlled environments with strict authentication requirements.

2. Access Controls

We enforce role-based access controls throughout our systems. All administrative access requires multi-factor authentication (MFA). We follow the principle of least privilege, meaning employees only have access to data necessary for their job functions.

Multi-tenant isolation ensures that contractor data is strictly separated. Each organization's data is scoped to its own tenant and is inaccessible to other accounts.

3. Infrastructure Security

June runs on enterprise-grade cloud infrastructure with:

  • Multiple availability zones for redundancy
  • Automated daily backups with point-in-time recovery
  • Disaster recovery procedures tested regularly
  • Network isolation and firewall protection
  • DDoS mitigation at the edge

4. Voice and SMS Security

All voice calls are processed through Twilio with end-to-end encryption. Call recordings are stored in encrypted, access-controlled storage and retained for 90 days by default (configurable per account).

SMS messages are transmitted via Twilio's A2P 10DLC registered channels with compliant opt-in/opt-out handling. Message content is encrypted in transit and at rest.

5. Payment Security

All payment processing is handled through Stripe Connect. June never stores credit card numbers or sensitive payment credentials on our servers. Stripe is PCI DSS Level 1 certified, the highest level of payment security compliance. Contractors are the merchant of record for all client-facing transactions.

6. Monitoring and Incident Response

Our systems are monitored 24/7 for security events and anomalies. We maintain documented incident response procedures and will notify affected customers within 72 hours of discovering any security incident that impacts their data.

We conduct regular penetration testing and vulnerability assessments using independent third-party security firms.

7. Data Storage and Retention

All data is stored in secure data centers located in the United States.

  • Call recordings: 90 days default (configurable)
  • Call transcripts and SMS logs: follow your account retention settings
  • Job photos: retained for the duration of your account
  • Upon account termination: data deleted within 30 days

8. Third-Party Security

We carefully vet all third-party service providers and require them to meet our security standards. Our key providers include:

  • Twilio: Voice and SMS communications (SOC 2 Type II certified)
  • Stripe: Payment processing (PCI DSS Level 1)
  • Supabase: Authentication and database (SOC 2 Type II)

We never sell your data to third parties.

9. Compliance

  • CCPA compliant for California residents
  • TCPA compliant for all SMS and voice communications
  • California Penal Code 632 compliant call recording disclosures
  • A2P 10DLC registered for compliant business messaging
  • PCI DSS compliant payment processing via Stripe

10. Your Responsibilities

Security is a shared responsibility. We recommend:

  • Using strong, unique passwords for your June account
  • Enabling multi-factor authentication when available
  • Promptly notifying us of any suspected unauthorized access
  • Obtaining proper consent before adding customers or technicians to the platform

11. Security Questions

If you have security questions or want to report a vulnerability, contact us:

June Security Team
Email: security@tryjune.co
We respond to all security inquiries within 2 business days.
