Security Overview

Here's how we ensure your data is safe with us


Client Applications (Cradle Desktop, iOS and Android)

We produce our own applications in-house so that we have control over the functionality and security of the final product. All API communication between our applications and the various APIs that we use to set up calls, transfer user and contact information, and update your team on your presence is made over a secure connection. 

Note that real-time voice traffic is sent over a standard UDP connection (in the same way that the PSTN is unencrypted). 

Access to any of our client applications is only available to authorised Microsoft (including Azure AD) or Google (including Workplace) accounts. 

Web Application

Access to our web application is secured using TLS to ensure that data communicated to our services through our web application is private. 


Communication between our client applications and our APIs is all sent over encrypted connections, to ensure the privacy of your data. This includes communication between our carrier and other third parties and our own services. 


Our suppliers of cloud infrastructure that host your data are all ISO 27001 compliant. Our primary suppliers and their security policies are listed here:


Fraud is a significant consideration for the telecommunications industry and we have multiple layers of protection in place to prevent the unauthorised placement of phone calls using our service. 

We ask that our customers all enforce multi-factor authentication as part of a strong internal security policy to protect the integrity of your users' accounts. 


In order to continue to protect your security, we regularly release updates to our software products. These are made for both feature and bug-fix-related reasons, as well as to improve the application security. We strongly recommend always using the latest versions of our software to protect your data. 

In addition, we code-sign all production software to ensure that the software you download is exactly as we created it. This includes notarizing software through Apple's developer programme, distributing Apple iOS software only through the Apple App Store, distributing Windows applications through the MS Store, and Android applications through the Play Store. 

PCI compliance

Cradle's phone service is not PCI compliant by default. If you have a PCI compliance requirement for your use of Cradle's phone service, you must contact us prior to using Cradle for this purpose. 

Privacy Policy

Please see our Privacy Policy for details on our commitment to your privacy.