LogoLogo
  • Go to Docs Center
  • Meet Plum Fuse
  • Tutorial
    • Basics
    • Deployment
    • Building A Complex Application
  • How to...
    • Send SMS messages using the REST module
    • Use the SMS Module
    • Upload an Audio Recording to Storage
    • Use Plum's Transcription API
  • Fuse Navigation
  • Application Manager
    • New Application
    • Managing Applications
    • Folders
  • Template Center
  • Deployments
    • Deployments Table
    • Creating Deployments
    • Updating Deployments
    • Deleting Deployments
    • Outbound Deployments
  • Logs
  • Reports
  • My Account
    • Global Options
    • Admin Options
  • Users & Sharing
    • Single Sign On
  • Application Editor
    • Application Editor Overview
    • Settings
      • Language Settings
        • Text-To-Speech (TTS) Options
      • User Input Settings
      • Connection Settings
      • Post-Call Webservice
      • JavaScript Libraries
    • Audio Manager
      • Languages
      • Prompt Table
      • Audio Formats
      • Bulk Uploading Audio Prompts
    • Modules
  • Modules
  • Call-Flow
    • Prompt
    • Transfer
    • Go To App
    • Go To Page
    • Compare Variable
    • Counter
    • Exit
    • Call Log
    • Label
    • Subdialog
  • Input
    • Address
    • Yes/No
    • Custom Field
    • Date/Time
    • Number
    • Digits
    • Language
    • Menu
    • Dynamic Menu
    • Name
    • Record
  • Data
    • Email
    • SMS
    • Set Variable
    • Call Recording
    • Evaluate JS
    • REST
    • SOAP
  • Integration
    • Setting up authentication
    • Dialogflow
    • DynamoDB
    • AWS S3
  • Variables
    • Shadow Variables
  • Module Settings
  • Key Fuse Info
  • 📞Outbound
    • Queuing Calls with CSV
    • View Pending Calls
    • Viewing Completed Calls
    • Detecting Voicemail
    • Outbound Parameters
    • Outbound FAQs
  • 🔒Data Security
    • 'Private' Mode
    • Managing Secure Phone Numbers
    • Sensitive Data Types
  • 🔑APIs
    • Authentication
    • Outbound Calls
      • Queue Call
      • Queue Multiple Calls
      • Get Outbound Call Status
      • Cancel Outbound Calls
    • Logs
      • Get Call Logs
      • Get Call Logs With Details
      • Get A Detailed Call Log
  • 🗒️Release Notes
Powered by GitBook
On this page
  • Overview
  • Secure IVR Basics
  • IVR Security Guide

Data Security

PreviousOutbound FAQsNext'Private' Mode

Last updated 3 years ago

Overview

At Plum Voice, we take performance and security seriously. That is why we’re committed to continuously updating our products; to ensure that you always have the best technology to work with. We also continually evaluate our platform to determine if it makes sense to expand our security portfolio and add new standards.

These periodic updates provide an opportunity to double-check security settings in your Plum apps. Plum’s platform is always PCI-DSS and HIPAA compliant, but it’s equally important for customers to ensure that the apps they build and manage on our platform are also compliant with these standards. Both the platform (our responsibility) and any apps (customer responsibility) need to be set up properly to ensure an end-to-end secure and compliant data transfer.

For more information about customer responsibility with regard to using Plum's platform, see Requirement 3 of the following document:

Secure IVR Basics

Whitelisting IP Addresses

All data requests from Plum originate from static IP subnets. Customers that utilize whitelisting need to ensure that these IP subnets are whitelisted so that our requests can reach you.

Plum will also need to whitelist all IPs and/or fully-qualified domain names used by your application on our side in order to grant you access.

To get a list of whitelist IPs, or if you have questions about whitelisting, .

Understanding Secure Data Flow

The data flow process originates when the caller inputs information. The data travels across the public switched telephone network and is captured by the IVR. After capturing this data and at some point before the call disconnects, the IVR establishes a connection to the customer’s database/payment processor/business logic, etc. through a secure HTTP web service.

Once that information is transmitted to the customer and the call ends, that caller’s information is deleted from the IVR application’s memory.

HTTPS

There are two important points to keep in mind about this data flow.

  1. Plum customers must have a secure HTTP connection (HTTPS) to ensure that a secure, encrypted connection exists between the two systems for the data transfer. Plum's firewalls will deny any non-HTTPS requests that come out of our PCI environment.

  2. Plum Voice does not, under any circumstance, save or store caller financial data. We only capture caller information and transmit it to customers.

Once a Plum IVR application hands off encrypted data to a customer, it is up to that customer to ensure that the remaining work flow on their end is PCI-compliant.

Secure Phone Numbers

Customers cannot use Plum's PCI-environment for testing or QA purposes.

IVR Security Guide

The following guide is primarily intended for Do It Yourself (DIY) customers, but the information is relevant to all secure applications.

Although this section tends to reference PCI-compliance, at Plum, PCI is commonly used as a catch-all term to refer to any customer security needs.The same protocols apply to customers who require HIPAA, SOC2, or any other security standard.

Customers should check with their own compliance auditors to ensure that they protect the correct data, regardless of which standard(s) they require.

Phone numbers connected to secure IVR applications require additional backend configuration. For more information, see .

- This covers how to set your application to securely collect caller information and how to use call logs to verify that your app is functioning properly.

- This covers the differences between Secure and Non-Secure phone number and the limitations customers face with each.

- This provides information on the types of data that customers should mark as private.

🔒
Managing Secure Phone Numbers
The 'Private' Setting
Managing Phone Numbers for Secure IVR Apps
Sensitive Data Types
contact Plum Support
454KB
PlumVoice-ResponsibilityMatrix.pdf
pdf
Customer Responsibility Matrix