Account

Security

Callable protects your account and your data with two-factor authentication, an audit log of API-key access, key-rotation reminders, encrypted integration secrets, and strict workspace isolation.

Two-factor authentication

Two-factor authentication (2FA) adds a second step to sign-in, so a stolen password alone can't get into your account. Enable it from the Settings page.

Tip: Turn on 2FA before you invite teammates or connect production integrations — it protects every credential stored in your workspace.

API-key access audit log

Callable keeps an audit log of API-key access so you can see when your keys were used. Use it to review activity and spot anything unexpected.

You'll also find a broader audit log of workspace activity on the Team page, which records what members do in your workspace.

Key-rotation reminders

Callable surfaces key-rotation reminders that prompt you to periodically replace your API keys. Rotating keys on a regular cadence limits how long any single credential stays valid, reducing your exposure if one is ever compromised.

Encrypted integration secrets

Any secret you connect in Integrations — such as your bring-your-own LLM keys, TTS/STT provider keys, or telephony credentials — is stored encrypted at rest using AES-256-GCM.

Because these secrets are encrypted, you connect them once and Callable resolves them server-side when an agent needs them; you don't paste them into individual agents or expose them in the browser.

Workspace data isolation

Your data is isolated to your workspace. Agents, teams, phone numbers, knowledge base content, campaigns, results, call history, and connected integrations all live inside your own workspace and are not shared with other accounts.

When you invite teammates, they join your workspace with an assigned role, and their activity is captured in the audit log. Billing is managed in an owner-only Billing tab on the Team page.

Next steps

  • Team — invite teammates, assign roles, and review the activity audit log
  • Integrations — connect provider keys that are stored encrypted
  • Settings — enable two-factor authentication and manage your account