Enterprise-grade by default. Everything documented.
The security posture your IT team wants to see before you buy — data handling, encryption, access controls, and vendor list. Send this page to your CISO.
Data
Hosted where you need it, encrypted, yours.
Access
RBAC + audit logs + Face ID.
Encryption
TLS 1.3 + AES-256 at rest.
Compliance
GDPR / HIPAA-ready + DPA + sub-processor list.
Where your data lives + how we treat it.
Where your data lives
Data-residency options match what your compliance framework requires. Regional deployment available on request per instance. Your customer messages, KB documents, and conversation logs stay in your chosen region — details shared under NDA.
Your data stays yours
We never train foundation models on your conversations or KB. Your data powers your instance and nothing else. Export it any time — CSV, JSON, PDF. Delete it any time — full-purge in 30 days.
Retention you control
Set conversation retention per instance (30 / 90 / 365 days or indefinite). PII masking optional. GDPR right-to-erasure implemented per-contact + per-instance + account-wide.
Backups you can audit
Daily encrypted backups, 30-day retention, quarterly restore drills. Backup logs available on request under NDA.
Every action, attributable.
Role-based access
Superuser (you) · Admin (managers) · Operator (staff). Operators see only assigned instances. Every action logged with timestamp + user ID + IP.
SSO + 2FA
SAML / OIDC for enterprise. TOTP 2FA for individual accounts. Passwordless magic-link option available.
Face ID on operator app
Operator iOS + Android apps gate access via Face ID / Touch ID. Phone unlock alone does NOT reveal customer messages.
At rest. In transit. Everywhere.
TLS 1.3 in transit
Every customer message + every operator action rides TLS 1.3 with modern ciphers (X25519 + ChaCha20-Poly1305). Legacy TLS versions disabled.
AES-256 at rest
Databases, backups, and file uploads encrypted with AES-256-GCM. Encryption keys rotated quarterly, escrowed offline.
Secrets management
API tokens + integration credentials sealed via HashiCorp Vault. No plaintext secrets anywhere in the codebase or in support access.
BYO key (enterprise)
Enterprise customers can bring their own KMS keys (AWS KMS / Azure Key Vault / GCP KMS). We hold ciphertext only.
The honest current state.
GDPR-ready if you need it
Data-processing agreement available on request. Right-to-erasure per-contact / per-instance / account-wide. Audit trail retained for regulatory review. Turn it on per instance for EU customers.
US SaaS controls
Role-based access, per-instance data isolation, encrypted in transit + at rest, audit trail on every operator + admin action. Standard US SaaS controls for a Virginia LLC serving customers globally.
HIPAA on request
Not a covered entity by default. HIPAA-ready hosting available on request with a signed BAA — required for medical, dental, veterinary, and adjacent verticals handling PHI.
No SOC 2 or ISO 27001 yet
We don't currently hold SOC 2 Type II or ISO 27001 certification. Procurement conversations that require formal certifications are handled during the demo call — we're transparent about what we do and don't hold.
What we do so you don't have to.
Automated dependency scans + patching
Renovate + Snyk run on every build. Critical patches applied within 24h; high within 7 days.
Backup restore drills
One instance restored from the previous week's backup, checked byte-for-byte, then discarded. Reports available.
Access audit
Every user + every role + every instance reviewed. Stale accounts revoked. Sub-processor SLAs revisited.
Incident response
24/7 on-call rotation for security incidents. Public status page. GDPR-compliant customer notification within 72 hours of confirmed breach.
Every vendor that touches your data.
Anthropic (Claude API)
Language-model provider. Conversation content sent to Anthropic for response generation. Zero-retention API mode enabled — Anthropic does not store or train on your data.
SendGrid (transactional email)
Transactional email delivery — confirmations, invoices, password resets, notifications. DPA in place.
Application hosting
Cloud hosting across AWS, OVH, and Hetzner. Region details shared under NDA. Regional deployment on request per instance.
Cloudflare (DNS + WAF + CDN)
DDoS protection, edge caching, web application firewall. Sets an essential __cf_bm cookie for bot management. No customer message content stored at the edge.
Google Cloud (Maps + Weather) — optional
Enabled for geo-aware answers (distance, live weather, GPS pins). Instance-scoped, no personal data forwarded. Turnable off per instance.
Freepik (AI image generation) — optional
Optional AI image generation for the WordPress plugin content tools. Not used by the chat runtime. Turnable off per instance.
Twilio (admin 2FA codes only)
Used for operator + admin two-factor authentication codes only. Not used for customer WhatsApp routing. If SMS as a customer channel is enabled for your instance, Twilio also carries that traffic — DPA in place.
WhatsApp / Meta — transit only
Messages flow through WhatsApp's network the same way any WhatsApp Web session does. No data-processing agreement with Meta, no Meta Business API contract. Bridge model: operator scans a QR from your dashboard, WhatsApp installed on their phone acts as a linked device — same mechanism as WhatsApp Web.
Send this page to your security team.
Or request the full security pack — DPA, sub-processor list, penetration test summary, backup logs — under NDA.