Where is customer data hosted?

All production data for AI Chat for Business is hosted on managed cloud infrastructure in U.S. regions, with database backups retained in the same regional boundary.

Is data encrypted in transit and at rest?

Yes. All traffic is served over TLS 1.2 or higher, and database storage and backups are encrypted at rest using AES-256.

Does AI Chat for Business support role-based access control?

Yes. Organizations can assign admin, owner, collaborator, and moderator roles to control who can manage bots, view conversations, and modify integrations or billing.

Are administrative actions audited?

Every privileged action is recorded with the actor, timestamp, and metadata in a tamper-evident audit log so teams can review changes for compliance and incident response.

Security and Privacy Built for Business Conversations

Role-based access, audit trails, encryption, and U.S.-based hosting on every plan.

AI Chat for Business handles customer conversations across web chat, WhatsApp, Instagram, Facebook Messenger, Slack, and Discord. The platform is engineered so that conversation data, knowledge bases, and integration credentials remain isolated, encrypted, and accessible only to the right people inside your organization.

Role-Based Access Control

Every workspace uses role-based access control to limit what each team member can see and change. Roles are assigned at the organization level and enforced on every API request and database query, not just in the user interface.

Owner — full control of billing, members, integrations, and data export.
Admin — manage bots, channels, integrations, and team members without billing access.
Collaborator — build and edit bots and knowledge entries within assigned workspaces.
Moderator — review and respond to conversations from the Agent Inbox without editing bot logic.

Sensitive resources such as integration tokens and webhook secrets are visible only to admin and owner roles, so collaborators and moderators cannot extract credentials. See the Agent Inbox for how moderator workflows are scoped.

Audit Logging and Activity History

Every privileged action inside the platform is captured in a tamper-evident audit log. This gives security teams a clear, queryable record of who changed what, when, and from which session.

Member invitations, role changes, and removals.
Bot creation, deletion, and knowledge edits.
Channel connections, disconnections, and credential rotations.
Data exports and bulk conversation downloads.
Login events, password changes, and session revocations.

Audit records are retained for the lifetime of the workspace and can be exported for compliance reviews or incident response.

Encryption in Transit and at Rest

All data moving in and out of AI Chat for Business is encrypted with modern transport security, and storage is encrypted by the underlying managed infrastructure.

TLS 1.2 or higher on every public endpoint, including the web app, API, webhooks, and chat widget.
AES-256 encryption at rest for the primary database, file storage, and automated backups.
Integration tokens for Shopify, Slack, Discord, HubSpot, Salesforce, and other channels are stored in an encrypted credential store, separate from general application data.
HSTS, strict Content Security Policy, and Permissions-Policy headers enforced on the marketing site and application.

Multi-Tenant Isolation

AI Chat for Business is multi-tenant by design. Every record, from bots and knowledge entries to conversations and audit events, is scoped to an organization identifier and protected by row-level security policies enforced at the database layer.

Row-level security policies attached to every table, evaluated on every query.
No cross-organization joins or shared records, even for analytics summaries.
Sensitive views restrict access to verified members of the same organization.
Background jobs run with scoped service credentials, never with broad superuser access.

For a deeper look at how the platform routes data across channels, see AI Architecture.

U.S.-Based Hosting and Data Residency

Production infrastructure is hosted in U.S. regions on managed cloud providers. Application servers, the primary database, and automated backups all stay within U.S. regional boundaries.

Primary application and database in U.S. regions.
Backups retained in the same regional boundary as the primary database.
Edge functions and content delivery operate over a global network, but customer data persists only in the U.S. regions described above.

Responsible Disclosure

If you believe you have discovered a security issue affecting AI Chat for Business, contact the team directly so the report can be triaged quickly.

Email security reports through the contact page.
Include reproduction steps, the affected URL or endpoint, and any supporting screenshots or logs.
Please do not run automated scanners against production tenants or attempt to access other organizations' data.

Ready to evaluate AI Chat for Business for your team?

Start a workspace and review the role, audit, and integration controls firsthand.

Start Free Trial Talk to the Team