Security isn't an afterthought here — it's built into the product and visible in your dashboard. Here's exactly how we handle and protect your business and your customers' data.
All traffic runs over HTTPS/TLS with HSTS enforced. Sensitive credentials you connect (database strings, CRM keys, tokens) are encrypted at rest with AES-256 before they are ever stored — never kept in plain text.
When you connect a database, we run every query inside a read-only transaction and reject anything that isn't a SELECT. Your AI can read the data it needs to answer customers — it can never INSERT, UPDATE, DELETE, or alter your schema.
Every workspace is keyed to its own API key, which we store only as a salted hash. One customer's widget, leads, conversations, and knowledge base are never reachable from another account.
Your leads, conversations, and knowledge base belong to you. Export them any time, and delete your account to remove them. We do not sell your data or your customers' data to anyone.
We ship a strict security-header set site-wide (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) and run a continuous server-side security audit you can see right inside your dashboard.
Lead capture supports explicit consent text, and our Data Processing Addendum (DPA) is available for customers who need one. We collect only what's needed to run your chatbot.
Every account gets a built-in, on-demand security audit of its own domain — HTTPS, HSTS, CSP and more — right inside the dashboard.
Start free