Nettie’s trust posture should match reality. The goal is to show what is protected now, what is still manual, and what has not been earned yet.
The Nettie console is now gated behind a shared access password instead of pretending auth already exists.
Agent editing, call browsing, and manual outbound calling are restricted to authenticated console users.
Live callback demos are limited and constrained to reduce abuse and avoid accidental telephony spend.
Nettie should not claim SOC 2, HIPAA, PCI, or global compliance until those controls exist in reality.
Use the real transport guarantees from the current stack, and avoid inventing enterprise security language that is not backed by controls yet.
Nettie currently stores only the metadata and transcript paths that are implemented. Recording and retention should be sold carefully, not implied everywhere.
Do not market fictional multi-region active-active infrastructure. Current reliability comes from a narrower, inspectable stack and manual oversight.
Region and residency claims should be added only after the storage, hosting, and processor chain actually support them.
Today Nettie has practical call logs, agent edits, and transcripts where configured. That is useful for pilots, but it is not the same as a finished audit program.
The best safeguard right now is selling narrow workflows, reviewing real calls, and keeping a human in the loop instead of automating recklessly.
If a buyer needs a DPA, retention controls, or provider review, scope that during pilot planning instead of implying every framework is already covered.