Trust & Security

Your data is protected — and we'll show you how.

Security isn't an afterthought here — it's built into the product and visible in your dashboard. Here's exactly how we handle and protect your business and your customers' data.

Encrypted everywhere

All traffic runs over HTTPS/TLS with HSTS enforced. Sensitive credentials you connect (database strings, CRM keys, tokens) are encrypted at rest with AES-256 before they are ever stored — never kept in plain text.

Read-only database access

When you connect a database, we run every query inside a read-only transaction and reject anything that isn't a SELECT. Your AI can read the data it needs to answer customers — it can never INSERT, UPDATE, DELETE, or alter your schema.

Per-account key isolation

Every workspace is keyed to its own API key, which we store only as a salted hash. One customer's widget, leads, conversations, and knowledge base are never reachable from another account.

You own your data

Your leads, conversations, and knowledge base belong to you. Export them any time, and delete your account to remove them. We do not sell your data or your customers' data to anyone.

Hardened infrastructure

We ship a strict security-header set site-wide (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) and run a continuous server-side security audit you can see right inside your dashboard.

Privacy by design

Lead capture supports explicit consent text, and our Data Processing Addendum (DPA) is available for customers who need one. We collect only what's needed to run your chatbot.

A quick word on how the AI uses your data

  • Your knowledge base and (optional) read-only database are used only to answer your own customers' questions in your own widget.
  • We never use your private business data to train shared models. Your content stays yours.
  • Database connections run through a SELECT-only guard inside read-only transactions, so the AI physically cannot modify your records.
  • Connected credentials are AES-256 encrypted at rest and decrypted only in-memory at the moment a query runs.

Security you can actually see

Every account gets a built-in, on-demand security audit of its own domain — HTTPS, HSTS, CSP and more — right inside the dashboard.

Start free