Encryption
All data is encrypted using industry-standard protocols, whether in transit or at rest.
Data at Rest
AES-256 encryption for all stored data including conversations, knowledge base, and customer information.
Data in Transit
TLS 1.3 encryption for all API calls, webhooks, and widget communications.
Credentials
Passwords hashed with bcrypt. API keys encrypted. No secrets stored in plain text.
Zero AI Training
Your conversations are private and never used to improve AI models.
Never Used for Training
Your customer conversations are never used to train AI models. Your data stays yours.
Private by Design
Anthropic (Claude AI) does not use API conversations for training. Your data is processed but never retained.
Data Isolation
Every customer's data is completely isolated at the database level using Row-Level Security (RLS).
Multi-Tenant Security
Database-enforced tenant isolation. Customer A cannot access Customer B's data under any circumstance.
Complete Separation
Separate encryption keys per tenant. Your knowledge base and conversations are completely isolated.
Compliance
Our infrastructure is built to meet the requirements of regulated industries.
| Framework | Status | Details |
|---|---|---|
| SOC 2 | Aligned | Infrastructure providers (Vercel, Supabase) are SOC 2 Type II certified |
| HIPAA | Available | Business Associate Agreement available for healthcare clients |
| GDPR | Compliant | Data residency options, right to deletion, data portability |
Infrastructure
We use best-in-class infrastructure providers with proven security track records.
| Provider | Purpose | Certifications |
|---|---|---|
| Vercel | Application Hosting | SOC 2 Type II, ISO 27001 |
| Supabase | Database | SOC 2 Type II, HIPAA eligible |
| Anthropic | AI (Claude) | SOC 2 Type II, No Data Training |
| Stripe | Payments | PCI DSS Level 1 |
Your Data, Your Control
You maintain full control over your data at all times.
Export Anytime
Download all your conversation data, knowledge base, and analytics whenever you need.
Delete on Request
Request complete data deletion at any time. We'll remove everything within 72 hours.
Transparent Processing
We only process data necessary to provide the service. No hidden data collection.