Your data, protected
by design
Mylla is built on a security-first foundation. From encrypted storage to automated retention enforcement, we protect your business data and your callers' privacy at every layer.
Eight security pillars
Built to earn your trust
Encryption everywhere
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Integration credentials are encrypted at the application level before storage — not just disk-level encryption.
Tenant isolation
Every business on Mylla is fully isolated at the database level using row-level security policies. Your data is never accessible to other tenants — even in the event of an application bug.
Audit trail
Security-relevant actions — agent changes, team member management, data exports, billing changes — are logged with actor, timestamp, and resource context. Audit logs are tenant-scoped and tamper-resistant.
Configurable data retention
You control how long call data, transcripts, and recordings are kept. Automated daily cleanup enforces your retention schedule. Expired recordings are permanently deleted from our telephony provider.
Data portability & erasure
Export all your data in machine-readable JSON format at any time. Request full account erasure, and all your data — including recordings, transcripts, leads, and billing records — is permanently deleted.
PII-safe logging
Our structured logging system automatically redacts phone numbers, email addresses, and other personal data before any log entry is written. No customer PII appears in our operational logs.
Transparent vendor management
We maintain a documented register of every subprocessor that handles personal data — including what data they receive, their DPA status, and cross-border transfer mechanisms.
Secure development lifecycle
Every feature goes through a security checklist covering authentication, input validation, PII handling, and logging. Dependency audits run automatically on every pull request.
GDPR Compliance
Your rights, our responsibility
Mylla is operated by Barking Studio, registered in the Netherlands. We act as a data processor on behalf of your business and support all GDPR data subject rights.
Right of access
Export all your data from the admin dashboard in one click.
Right to rectification
Update lead and customer records directly from the dashboard.
Right to erasure
Delete your account and all associated data at any time.
Right to data portability
Download a full JSON export of all your business data.
Right to restriction
Pause agents and phone numbers to halt data processing.
Right to object
Contact us to review the processing basis for your data.
Questions about our security practices?
For security inquiries, DSAR requests, or to request our subprocessor register, reach out and we'll respond within 48 hours.