Enterprise Trust
Built In, Not Bolted On.
Security, privacy, and AI governance are not afterthoughts at Anicalls — they are foundational architecture decisions. Every product, process, and AI deployment meets the highest global enterprise security and compliance standards.
Enterprise Security Posture
Data Privacy Framework
Anicalls processes enterprise data under a comprehensive privacy framework that meets the requirements of every jurisdiction in which we operate. Client data is never used to train AI models without explicit written consent.
- Data minimisation and purpose limitation built into every AI agent
- Client data processed only in contracted jurisdictions — no cross-border transfers without explicit DPA
- Data retention policies: client data deleted within 30 days of contract termination
- AES-256 encryption at rest, TLS 1.3 in transit
- Data Processing Agreements (DPAs) available as standard with every contract
- Privacy Impact Assessments (PIAs) completed for all AI deployments
Cyber Security
ISO 27001 certified. SOC 2 Type II certified. Continuous security monitoring, penetration testing, and zero-trust architecture across all systems.
GDPR Compliance
Anicalls is fully compliant with the EU General Data Protection Regulation (GDPR) and UK GDPR. We act as both Data Controller (for our own business processes) and Data Processor (when processing client data) — with appropriate legal bases documented for every processing activity.
POPIA Compliance (South Africa)
Anicalls is fully compliant with South Africa's Protection of Personal Information Act (POPIA). As a B-BBEE Level 2 company with a Johannesburg GCC hub, POPIA compliance is fundamental to our South African operations and client commitments.
- Information Officer appointed and registered with the Information Regulator
- POPIA-compliant processing records (PAIA Manual updated)
- Data subject rights management: access, correction, deletion, objection
- Operator agreements in place for all SA client data processing
- Cross-border transfer controls: SA data remains in SA unless client authorises transfer
EU AI Act Readiness
The EU AI Act creates the world's first comprehensive legal framework for artificial intelligence. Anicalls has completed EU AI Act readiness assessment and is implementing full compliance ahead of the applicable deadlines.
UAE Data Protection Law
Anicalls' Dubai entity operates in full compliance with the UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — PDPL) and DIFC Data Protection Law 2020 for our DIFC-regulated operations.
- UAE PDPL compliance: lawful basis, purpose limitation, data minimisation
- DIFC Data Protection Law 2020 compliant for DIFC operations
- Saudi PDPL awareness: SAMA-aligned privacy controls for KSA client data
- Qatar PDPL and QFC Data Protection Regulation compliant
- Arabic-language privacy notices available
AI Governance Framework
Anicalls operates a comprehensive AI governance framework — covering model risk management, AI ethics, explainability, bias prevention, and board-level AI oversight.
Responsible AI Principles
Anicalls' Responsible AI Charter defines the principles that govern how we design, deploy, and monitor AI systems. These principles are operationalised — not just aspirational — with measurable commitments for every deployment.
Our full Responsible AI Charter is available on request. It covers all six NIST AI RMF core functions: Govern, Map, Measure, Manage, Communicate, and Monitor.
Business Continuity & Disaster Recovery
Anicalls operates a comprehensive Business Continuity Management System (BCMS) aligned with ISO 22301. Critical systems are designed for 99.99% availability with automated failover.
- RTO: 4 hours for critical systems, 24 hours for non-critical
- RPO: 1 hour data loss tolerance for production systems
- Multi-region active-active deployment: no single region dependency
- Annual full DR test + quarterly partial tests. Results Board-reviewed
- GCC operations: multi-site delivery from 6 global locations for client service continuity
- Crisis communications: client notification within 30 minutes of Severity-1 incident
SLA Framework
All Anicalls client contracts include service level agreements with financial consequences — not just best-efforts commitments. Our standard SLA framework includes the following service levels.
| Service Level | Commitment | Measurement Period | Remedy |
|---|---|---|---|
| Platform Availability | 99.99% uptime | Monthly | Service credit 10% per 0.01% below SLA |
| Response Time (P99) | ≤ 350ms | Weekly | Incident review + remediation plan |
| Support Response — P1 | 15 minutes | Per incident | Escalation to CTO within 30 minutes |
| Support Response — P2 | 2 hours | Per incident | Root cause analysis delivered within 24 hours |
| Support Response — P3 | 8 hours | Per incident | Resolution within agreed timeline |
| Security Patch — Critical | 24 hours | Per vulnerability | Immediate client notification + patch status |
| Security Patch — High | 7 days | Per vulnerability | Remediation report |
| Data Breach Notification | 24 hours | Per confirmed breach | Full incident report within 72 hours |
Vendor Risk Management
Anicalls maintains a rigorous vendor risk management programme for all sub-processors and critical technology suppliers. Clients can request our sub-processor list and vendor risk assessment results at any time.
- Annual vendor security assessments for all critical and high-risk suppliers
- Data Processing Agreements (DPAs) executed with all sub-processors
- Sub-processor list maintained and published — clients notified 30 days before additions
- Cloud providers: AWS, Microsoft Azure, Google Cloud — all ISO 27001 and SOC 2 certified
- Vendor concentration risk monitoring: no single vendor dependence for critical systems
- Procurement-ready: B-BBEE L2, SOC 2 Type II, GDPR DPA, ISO 27001 — all available for vendor onboarding
Audit & Assurance Framework
Enterprise clients have the right to audit Anicalls' controls. Our audit framework supports client audits, regulatory inspections, and third-party assurance engagements.
Request our full security evidence pack, SOC 2 report, or schedule a security review call.
Complete Your Vendor Due Diligence
Our procurement team can provide ISO 27001 certificate, SOC 2 Type II report, DPA template, B-BBEE certificate, and completed vendor questionnaires — typically within 5 business days.