Security & Trust
Your data security is our foundation
Your content trains YOUR AI. It never leaves your workspace. We don't use your data to improve our models or anyone else's.
Data protection
Encrypted everywhere, always
Encryption in transit
All data transmitted over TLS 1.2+ with HSTS enforcement. Every API call, every widget message, every form submission — encrypted end-to-end.
Encryption at rest
AES-256 encryption for all stored data. Your customer conversations, form responses, and knowledge base content are encrypted in our database.
Secure authentication
Industry-standard authentication with secure session management. API keys are hashed and never stored in plain text.
Privacy & compliance
GDPR compliant by design
Privacy isn't an afterthought. It's built into every feature from the ground up.
GDPR compliance
Full compliance with the General Data Protection Regulation. Data processing agreements available on request.
Data Processing Agreement
Standard DPA available for all customers. Defines exactly how we handle your data and your customers' data.
Right to erasure
Delete any contact, conversation, or form response at any time. When you delete it, it's gone. No hidden copies.
Data portability
Export your data anytime. Form responses, conversations, contacts — all exportable in standard formats.
Consent management
Pre-chat forms can collect explicit consent. Cookie preferences respected. Your compliance requirements, built in.
Transparent data handling
Our privacy policy spells out exactly what we collect, why, and how long we keep it. No surprises.
AI security
AI that stays in its lane
Our zero-hallucination architecture means your AI agent can't make up answers, access the internet, or leak data between workspaces.
No training on your data
We never use your content, conversations, or customer data to train AI models. Your data stays yours. Period.
Zero hallucination architecture
Your AI only answers from YOUR content. No internet access, no guessing, no made-up policies or prices. If it doesn't know, it says so.
Content sandboxing
Each workspace's knowledge base is completely isolated. Your data never bleeds into another customer's AI responses.
Prompt injection protection
Built-in safeguards prevent visitors from manipulating your AI agent into revealing sensitive information or behaving unexpectedly.
Infrastructure
Built on reliable infrastructure
Cloud-hosted infrastructure
Hosted on industry-leading cloud infrastructure with automated scaling, redundancy, and geographic distribution.
Automated backups
Continuous database backups with point-in-time recovery. Your data is always recoverable, even in worst-case scenarios.
24/7 monitoring
Real-time monitoring, alerting, and automated incident response. We know about issues before you do.
Your controls
You control your data
Granular permissions, workspace isolation, and audit trails give you full control over who accesses what.
Team permissions
Control who can view, edit, or manage your chatbots, forms, and Minds. Role-based access for your entire team.
Workspace isolation
Each workspace is fully isolated. Separate data, separate settings, separate team access. Perfect for agencies managing multiple clients.
API key management
Generate, rotate, and revoke API keys from your dashboard. Each key has scoped permissions.
Audit logs
Track every action in your workspace. Who changed what, when, and why. Available on Scale plans.