GOJE AI is a B2B platform handling sensitive call data and customer records. Security and data protection are built into how we operate. This page summarises our practices. For how we handle personal data, see our Privacy Policy.
Infrastructure & Data Residency
Your application data and database are hosted on Supabase, running on AWS in the eu-west-1 (Ireland) region, keeping primary data within the EU. The application is delivered via Vercel. Some sub-processors (listed below) operate outside the EU under appropriate safeguards.
Encryption
- In transit: all traffic is served over HTTPS (TLS), with HTTP Strict Transport Security enforced.
- At rest: data is encrypted at rest by our infrastructure providers.
- Integration credentials: third-party API keys (such as per-agent booking keys) are encrypted using AES-256-GCM before storage.
Application Security
- Strict Content-Security-Policy and hardened HTTP security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy).
- Rate limiting on sensitive and authentication-related endpoints.
- File-upload validation (type and content checks).
- Bot and spam protection on sign-up via Cloudflare Turnstile.
Authentication & Access
- Authentication is handled by Supabase Auth, with email verification required before access.
- Multi-tenant isolation is enforced at the database level with row-level security, so organisations can only access their own data.
- Role-based permissions (agent, supervisor, admin, billing) scope what each user can do.
Payments
Payments are processed by Stripe (PCI DSS Level 1). Card details are entered directly with Stripe and never pass through or rest on our servers.
Sub-Processors
We rely on the following sub-processors to deliver the service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | EU (AWS eu-west-1, Ireland) |
| Vercel | Application hosting and delivery | Global edge / EU |
| Retell AI | AI voice agent processing | United States |
| Twilio | Telephony and phone numbers | United States / EU |
| Stripe | Payment processing (PCI DSS Level 1) | United States / EU |
| Cloudflare | Bot and spam protection (Turnstile) | Global |
| Axiom | Performance analytics (consent-gated) | United States |
| Sentry | Error tracking (consent-gated) | EU (Frankfurt) |
Your Data Rights
For access, correction, export, or deletion requests, see the rights section of our Privacy Policy or contact dp@goje.ai.
Reporting a Vulnerability
If you believe you've found a security vulnerability, please email oh@goje.ai with details. We ask that you give us a reasonable opportunity to investigate and address the issue before any public disclosure.
© 2026 Goje AI. All rights reserved.