Security practices
Encryption in transit and at rest
All data is encrypted with TLS 1.3 in transit and AES-256 at rest. API keys and secrets are never logged.
Data isolation
Each customer's data is logically isolated. Embeddings and documents are stored per-tenant with strict access controls.
Infrastructure
Hosted on trusted cloud providers with SOC 2-compliant data centers. Regular backups and disaster recovery.
Access controls
Role-based access, audit logs, and MFA support. You control who can access your chatbots and data.
Compliance
We are working toward SOC 2 Type II certification. Our architecture follows industry best practices.
Data processing agreements, consent management in the widget, data export, and deletion on request.
We minimize data collection. Chat logs can be redacted or disabled. No selling of customer data.
Data handling
• Documents and URLs you upload are chunked, embedded, and stored for retrieval. Raw content is not sent to LLM providers beyond the chunks needed to answer each query.
• Conversation logs are stored for analytics and improvement. You can disable logging or request deletion.
• We use OpenAI, Anthropic, and other LLM providers. Data sent to them is subject to their respective privacy policies. Enterprise customers can discuss on-premises or private deployment options.
Questions about security?
Enterprise customers can request a security questionnaire or a call.