Security
Authentication
Vois AI uses Keycloak for identity and access management. All users authenticate through Keycloak before accessing the platform.
Supported login methods
- Email and password
- Google OAuth
- Microsoft (Azure AD) OAuth
- SSO (SAML 2.0 / OIDC) — available on enterprise plans
Authorization
Access control is role-based (RBAC):
| Role | Permissions |
|---|---|
| Owner | Full access — manage billing, members, delete project |
| Admin | Manage agents, integrations, members |
| Editor | Create and edit agents, skills, integrations |
| Viewer | Read-only access |
Data security
- All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
- API keys and OAuth tokens are stored encrypted and never returned in API responses after saving
- Conversation transcripts are stored in your Azure subscription — Vois AI does not retain them on shared infrastructure
Infrastructure
- Deployed on Azure Kubernetes Service (AKS)
- Isolated per-tenant namespace
- Secrets managed via HashiCorp Vault
- All ingress traffic routes through nginx with TLS termination via cert-manager and Let's Encrypt
Webhook security
Always verify the X-Vois-Signature header on incoming webhook payloads. See Webhooks for details.
Compliance
For compliance inquiries (SOC 2, GDPR, HIPAA), contact the Vois AI team.