Enterprise-grade security
Your data is protected by encryption, access controls, and AI safety measures designed to meet enterprise requirements.
Data Protection
Encryption in transit
All data encrypted with TLS 1.3 between your browser and our servers.
Encryption at rest
Customer data encrypted at rest using AES-256 in our database layer.
Regular backups
Automated daily backups with point-in-time recovery and disaster recovery procedures.
AI Safety
Knowledge grounding
Ava's responses are always grounded in your knowledge base with source citations. She never guesses or hallucinates.
Prompt injection scanning
All knowledge base documents are scanned for injection patterns before indexing. Suspicious content is flagged and deprioritized.
Output filtering
AI responses are sanitized to prevent data exfiltration and ensure safe content delivery.
SSRF protection
URL crawling blocks private IPs, localhost, and cloud metadata endpoints to prevent server-side request forgery.
Access Control
Two-factor authentication
Optional 2FA for all user accounts adds an extra layer of protection.
Role-based permissions
Owner, Admin, and Agent roles with customizable permissions per workspace.
Team visibility controls
Configure which conversations each agent can see based on team assignment.
Audit logging
Complete audit trail of all AI actions, tool executions, and system events.
Compliance & Infrastructure
GDPR readiness
Data handling practices designed to comply with GDPR requirements for EU customers.
SOC 2 (in progress)
Currently pursuing SOC 2 Type II certification to meet enterprise security standards.
Webhook verification
HMAC-SHA256 signature verification on all incoming webhooks to prevent tampering.
Rate limiting
Per-user, per-workspace, and per-endpoint rate limiting protects against abuse.
99.9% uptime SLA
Enterprise plan includes a 99.9% uptime service level agreement with credits.
Security questions?
Our team is happy to discuss your security requirements.