SECURITY · TRUST & COMPLIANCE

Built for enterprise data handling.

Customer conversations are sensitive data. We treat them that way. GDPR-compliant by default, EU and UK data residency options, role-based access controls, audit logs, encryption at rest and in transit.

✓ GDPR & UK GDPR
✓ Verified Meta Tech Partner
✓ TikTok Business Messaging API Partner
✓ DPA available on request

SECURITY PILLARS

Four non-negotiables.

Every security decision starts from these four principles.

Pillar 01 · Data protection

Encrypted in transit and at rest.

TLS 1.3 for everything in transit. AES-256 for data at rest. Database-level encryption for PII fields. Encryption keys managed via AWS KMS with rotation every 90 days.

  • ✓ TLS 1.3 in transit
  • ✓ AES-256 at rest
  • ✓ Database-level PII encryption
  • ✓ 90-day key rotation

Pillar 02 · Access control

Right people, right permissions.

Role-based access control across every action in the platform. SSO via SAML for enterprise. 2FA enforced for admins. Audit logs track every config change with timestamp + actor.

  • ✓ Role-based access (RBAC)
  • ✓ SAML SSO (enterprise)
  • ✓ Enforced 2FA for admins
  • ✓ Immutable audit log

Pillar 03 · Compliance

Certified, not just claimed.

GDPR and UK GDPR compliant. Verified Meta Tech Partner. TikTok Business Messaging API Integration Partner. Standard DPA available within 24 hours of request.

  • ✓ GDPR + UK GDPR
  • ✓ Verified Meta Tech Partner
  • ✓ TikTok Business Messaging API Integration Partner
  • ✓ Standard DPA on request

Pillar 04 · Operations

Built to stay up.

99.9% uptime SLA on enterprise plans. Multi-region failover. Backups every 6 hours, 30-day retention. Disaster recovery tested quarterly.

  • ✓ 99.9% uptime SLA
  • ✓ Multi-region failover
  • ✓ 6-hour backups, 30-day retention
  • ✓ Disaster recovery tested quarterly

DATA RESIDENCY

Storage location & data residency

For exact storage location and data residency information, the best source is our Data Processing Agreement (DPA) and compliance documentation, available upon request. Contact us to request a copy →

TRANSPARENCY

Sub-processors we use, named.

Every vendor that touches customer data is listed below.

| Sub-processor | Purpose | Location |
|---|---|---|
| AWS | Infrastructure hosting + database | EU / UK / US |
| Cloudflare | CDN, DDoS protection, edge security | Global edge |
| Twilio | SMS + voice delivery (only if used) | US / EU |
| Meta | WhatsApp Business API, IG, Messenger | Global |
| TikTok | TikTok Business Messaging API (only if used) | Global |
| OpenAI / Anthropic / Google | LLM inference (only when AI nodes used) | US |
| Stripe | Billing + customer payments | US / EU |
| Sentry | Error tracking (no PII) | EU |
| Datadog | Infrastructure monitoring (no PII) | EU |

INCIDENT RESPONSE

If something does go wrong.

Real numbers, real commitments. No "best efforts" hand-waving: these are the SLAs we hold ourselves to.

  • DETECTION SLA: 15 min. Median time from incident occurrence to internal alert via monitoring + on-call rotation.
  • DISCLOSURE SLA: 2 hr. Maximum time from incident detection to customer notification.
  • BREACH NOTIFICATION: 72 hr. GDPR-compliant. Affected customers notified within 72 hours of any confirmed personal data breach.

Doing enterprise diligence?

Send us your security questionnaire. We typically return it within 5 working days with full evidence.
