whoot.
FeaturesUse casesTrader voiceMartyn's lawPricing
Sign inStart free
Security

Security is the
foundation.

whoot is built with security at every layer — from encrypted voice streams to database-level access controls. Your conversations stay private, your data stays protected.

TLS 1.3AES-256RLSMFARBACData Residency

Defence in depth.

Multiple independent layers of security protect your data at every stage — in transit, at rest, and at the point of access.

Encryption in Transit

Every byte of data moving between your devices and our infrastructure is encrypted using TLS 1.3 — the latest and most secure transport protocol.

Encryption at Rest

All stored data — including voice recordings, transcriptions, and workspace metadata — is encrypted at rest using AES-256. Your data is unreadable without the correct keys, even at the storage layer.

TLS 1.3

We enforce TLS 1.3 across all connections. This ensures forward secrecy, faster handshakes, and protection against known downgrade attacks.

Row Level Security (RLS)

Our Postgres database enforces Row Level Security policies, ensuring that every query is scoped to the authenticated user's permissions. Data isolation between tenants is enforced at the database level — not just in application code.

Data Residency

Choose where your data lives. We support configurable data residency so your organisation can meet regional compliance requirements including GDPR. Your voice data, recordings, and metadata stay in the region you choose.

Secure Payments via Stripe

All billing and payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store card numbers, CVVs, or sensitive payment credentials on our servers.

Role-Based Access Control (RBAC)

Fine-grained permissions let workspace owners control exactly who can do what. From room access to admin settings, every action is gated by role. Assign Owner, Admin, or Member roles — and audit every change.

Multi-Factor Authentication (MFA)

Add a second layer of protection to every account. whoot supports TOTP-based multi-factor authentication, so even if a password is compromised, unauthorised access is blocked.

Automated Backups

Your data is continuously backed up with point-in-time recovery. Automated daily backups are retained and encrypted, ensuring business continuity and protection against data loss.

Built for regulated industries.

From financial services to healthcare operations, whoot is designed to meet the security expectations of the most demanding environments.

All voice streams encrypted with TLS 1.3
AES-256 encryption for data at rest
Row Level Security enforced at the database
Role-Based Access Control across every workspace
Multi-Factor Authentication for all accounts
Automated encrypted backups with point-in-time recovery
Configurable data residency per workspace
Payment data handled exclusively by Stripe (PCI DSS Level 1)

Questions about security?

Our team is happy to walk through our security architecture, compliance posture, or answer any questions your InfoSec team may have.

Contact Us Privacy Policy

end of page · start of conversation

whoot.

The fastest way to talk to your team. Period.

Start free — 90 secondsDownload for iOS↗
END-TO-END ENCRYPTEDAES-256TLS 1.3OPUS 48K · DTLS-SRTPGDPR · UK DPAMIFID II · MARTYN'S LAW

Product

  • Features
  • Use cases
  • Pricing
  • Roadmap
  • Documentation

Use cases

  • Remote teams
  • Incident response
  • Financial services
  • Operations teams
  • Trader voice
  • Martyn's law

Company

  • About
  • Investors
  • Contact
  • Security
  • Privacy
  • Terms
  • Blog
  • Acceptable use

© 2026 whoot. All rights reserved. whoot is a trading name of Eager Lobster Ltd. A company registered in England and Wales. Company Number 17038042. Registered Office: First Floor 1 Des Roches Sq, Witan Way, Witney, England, OX28 4BE. Prices shown on this website are exclusive of VAT, GST or other applicable taxes.

all systems operationaldesigned in london · always-on