Encryption
AES-256 envelope encryption at rest, TLS 1.3 in flight, per-tenant key separation on cloud. Secret keys and webhook signing secrets are sealed and never logged in plaintext.
Where your data lives, how it's encrypted, who can access it, what the AI is allowed to read, and the audit trail behind every operation. No marketing fog, just the questions your security team will ask, with real answers.
AES-256 envelope encryption at rest, TLS 1.3 in flight, per-tenant key separation on cloud. Secret keys and webhook signing secrets are sealed and never logged in plaintext.
Owner, admin, support & custom roles with per-page grants. 2FA on every account. SSO available on Business plans.
HMAC-SHA256 over the raw body on every webhook. Replay protection via timestamp + nonce, idempotency keys on writes, per-connector secret rotation.
Encryption seals the data; an immutable stream records every move. Two deep, live capabilities, not a checkbox.
Every byte you store is encrypted with AES-256 using per-tenant keys on cloud. Every byte we send across the wire uses TLS 1.3. Public API keys are stored in plaintext because they're meant to be shared, but secret keys and webhook signing secrets are sealed with envelope encryption derived from your environment, never logged in plaintext anywhere.
Every admin action, every AI turn and every webhook delivery lands in an immutable, owner-only audit stream with the actor, timestamp, IP and duration. AI History records each admin, customer and writing turn with the exact rendered prompt, the AI response, the action result and the duration. Filter, search and export the whole trail to CSV.
Shared multi-tenant cloud for the fastest path to production, a dedicated tenant database for stronger isolation, or self-hosted on your own infrastructure where you keep the data path end-to-end. Same code everywhere; you pick the trust boundary.
Our cloud platform is engineered with the controls security teams expect, and we don't claim certifications we don't hold. GDPR-aligned with DSAR, deletion and export workflows live in the account portal; CCPA-aware with do-not-sell signals respected; SOC 2 and ISO 27001 in progress with audit-ready immutable logs already in place. A BAA is available on Business for HIPAA workloads. And the AI never trains on your data. You choose the provider, the model and, on self-hosted, your own key.
How data is handled day to day: who touches it, how it's backed up, and how long it's kept.
Cloud infrastructure, AI providers, payment gateways and email delivery are listed on /compliance with the data each handles and where it sits. We notify customers before any change.
Daily encrypted backups on cloud with point-in-time recovery. Self-hosted customers own their own backup schedule and storage end-to-end.
A master retention setting drives every log purge. Set it to forever or any number of days; deletion and export run from the account portal.
Every customer record exposes a delete & export button; operators can also call POST /v1/customers/{id}/erase. Deletion audit entries are retained 12 months for compliance.
A built-in consent banner with regional defaults and per-cookie opt-in, so consent decisions are captured and recorded in the audit stream.
Found a security issue? Email [email protected]. We acknowledge disclosures quickly and credit responsible researchers.
The difference between a marketing promise and a control your security team can verify.
| What your security team asks | Typical answer | OpsIQ |
|---|---|---|
| Encryption at rest | "It's encrypted" | AES-256 with per-tenant keys; secrets sealed, never logged |
| Encryption in transit | "HTTPS" | TLS 1.3 on every connection |
| Webhook authenticity | Shared token in a header | HMAC-SHA256 over the raw body + replay protection |
| Who can see what AI did | Black box | 100% of AI turns logged: prompt, response, result, actor |
| Audit trail | Partial app logs | Immutable, owner-only; actor, IP, time, duration; CSV export |
| Data residency | One region, take it or leave it | EU & West Africa, region choice on dedicated, your call self-hosted |
| Delete a customer's data | File a ticket, wait | Self-serve button + POST /v1/customers/{id}/erase |
| Training on your data | "Read our policy" | Never: live context only, you choose the provider |
| Self-hosting | Not available | Same code, your infra, full data sovereignty, air-gap ready |
| Incident transparency | Status page, eventually | 30-min notice, public RCA in 5 business days, SLA credits |
The controls behind the trust center. ★ marks a stand-out.
| Control | What it does |
|---|---|
| Encryption & keys | |
| AES-256 at rest ★ | Envelope encryption with per-tenant key separation on cloud. |
| TLS 1.3 in transit ★ | Every connection encrypted in flight. |
| Sealed secrets | Secret keys and webhook signing secrets stored encrypted; never logged in plaintext. |
| Per-install key derivation | Encryption keys derived from your environment. |
| Access & identity | |
| Role-based access ★ | Owner, admin, support and custom roles with per-page permission grants. |
| Two-factor (2FA) | On every account. |
| SSO | Single sign-on available on Business plans. |
| Failed-login lockout | Brute-force attempts throttled into automatic lockout. |
| Signed integrations | |
| HMAC-SHA256 webhooks ★ | Signed over the raw body on every webhook delivery. |
| Replay protection | Timestamp + nonce on signed events. |
| Idempotency keys | On all write APIs. |
| Per-connector secret rotation | Rotate each integration's secret live. |
| AI safety | |
| Action contracts ★ | Every AI action is registered with declared scope, roles and parameters. |
| Approval gating | Risky operations require explicit human confirmation. |
| No off-contract actions | The AI cannot invent operations. |
| No training on your data ★ | Calls carry live conversation context only; you choose the provider. |
| AI History | Every turn: rendered prompt, response, action result, duration and actor. |
| Audit & transparency | |
| Immutable audit log ★ | Every admin action, AI turn and webhook delivery: actor, IP, time, duration. |
| Owner-only access | The audit trail is restricted to the workspace owner. |
| CSV export | Filter, search and export the whole trail. |
| Operational hardening | |
| IP & CIDR firewall | Blocklists on inbound traffic. |
| Bot & threat scoring | On visitor logs. |
| Rate limiting | On public endpoints. |
| Replay-protected gateway events | Payment gateway callbacks verified and de-duplicated. |
| Compliance & data | |
| GDPR-aligned ★ | DSAR, deletion and export workflows live in the account portal. |
| CCPA-aware | Do-not-sell signals respected; per-customer erase endpoints. |
| HIPAA-ready (Business) | BAA available for Business customers handling PHI. |
| SOC 2 IN PROGRESS | Audit-ready immutable logs already in place. |
| ISO 27001 IN PROGRESS | Controls being formalised. |
| Cookie consent | Built-in banner with regional defaults and per-cookie opt-in. |
| Data residency | EU & West Africa cloud regions; you pick on self-hosted. |
| Delete & export | Self-serve plus POST /v1/customers/{id}/erase. |
| Customer-controlled retention | A master setting drives every log purge. |
| Daily encrypted backups | Point-in-time recovery on cloud; your own schedule self-hosted. |
| Uptime & incidents | |
| 99.95% uptime SLA ★ | For cloud customers. |
| Live status | Public live status at /status. |
| 30-minute incident notice | Affected customers notified within 30 minutes of an operational incident. |
| Public RCA | Posted within 5 business days; cloud customers credited per SLA terms. |
| Deployment isolation | |
| Shared cloud isolation ★ | Per-tenant keys and isolated databases per workspace. |
| Dedicated tenant | Dedicated database with isolated credentials, optional VM and custom domain. |
| Self-hosted | Same code, your infrastructure, full data sovereignty, air-gap compatible. |
Straight answers, no marketing fog.
POST /v1/customers/{id}/erase programmatically. Audit log entries about the deletion itself are retained for 12 months for compliance review.