Operator is built to run sensitive business workflows without treating your customer data, calls, or financial context like a growth asset.
These are the product boundaries we try to make clear before you ever connect a phone number, bank feed, or customer workflow.
Customer lists, business records, call transcripts, and financial context are not sold, licensed, or shared with advertisers.
Your business data stays isolated to your account and is not used to train shared models.
You can request a full export at any time. If you leave, your data goes with you.
Bank connections are read-only. Operator can categorize activity, but it cannot move money without explicit approval.
If you need everything removed, we process account deletion and clean up retained operational data on a defined schedule.
Data is encrypted at rest and in transit using the same baseline protections expected from modern financial infrastructure.
No surprises. Here’s the full data access map for the main product surfaces.
Transcripts only (you can disable).
Extract information and train your knowledge base.
Read-only via Plaid.
Cannot move money.
Name, phone, and history.
Book, follow up, and invoice.
Hours and rates you input.
Calculate and submit via Gusto.
Never stored.
Not applicable.
Never requested.
Not applicable.
Operator leans on established infrastructure providers instead of inventing a custom security stack from scratch.
Core infrastructure runs on AWS-hosted systems with standard auditability, encryption, and access controls.
Financial connections use read-only bank access so transaction context can be analyzed without exposing credentials to Operator.
Payments and billing are processed through Stripe. Card data does not live in Operator systems.
Voice and messaging flow through Twilio-backed infrastructure for call handling, routing, and notifications.
If you need specifics about retention, integrations, exports, or how a particular workflow is handled, we’ll talk through it plainly.