Security Built In, Not Bolted On

Your AI assistant handles real business data — customer details, financial records, internal workflows. We treat that responsibility seriously. Here is exactly how we protect your information at every stage.

Our Approach

Security Principles We Build On

Every AI assistant we deliver is built around these core security practices. They are not optional add-ons — they are part of how we work.

Encryption

Data is encrypted both in transit (using TLS) and at rest. Whether your assistant is processing a customer inquiry or storing workflow data, encryption is applied by default — not as an afterthought.

Access Controls

We follow least-privilege principles. Your assistant and its data are only accessible to the people who genuinely need access. Role-based permissions ensure that team members, integrations, and support staff each see only what they should.

Monitoring

For clients on managed hosting plans, we provide active security monitoring. This includes logging, anomaly detection, and alerting so that unusual activity is caught early — not discovered weeks later.

Transparent Data Handling

We do not use your business data to train AI models. Your data is used solely to operate your assistant. We are upfront about what data is collected, how it flows, and where it is stored — no fine print surprises.

Secure Development

Security is considered from the first line of code, not patched in after launch. We follow secure development practices including code review, dependency management, and testing before any assistant goes live.

Incident Response

If a security event occurs, we have a clear process: identify, contain, communicate, and resolve. You will be notified promptly with honest information about what happened and what we are doing about it.

Data Handling

How We Handle Your Data

Transparency builds trust. Here is a straightforward explanation of what happens with your data when you work with us.

What Data Is Processed

Your AI assistant processes the business data it needs to do its job — this may include customer inquiries, lead information, invoice details, internal requests, or workflow data depending on the assistant type. During discovery, we define exactly which data your assistant will access, so there are no surprises.

How It Is Stored

For managed hosting clients, data is stored on reputable cloud infrastructure with encryption at rest. For self-hosted clients, data remains entirely on your own infrastructure. In both cases, we design systems to minimize data retention — your assistant stores what it needs to function, not everything it can collect.

Who Has Access

Access is tightly controlled. Your team members get the access levels you define. On our side, only the specific engineers assigned to your project can access your data, and only when needed for development, deployment, or support. We do not grant blanket access to our entire team.

How Long It Is Retained

We do not hold onto your data longer than necessary. Retention periods are defined during the build process based on your needs and any applicable requirements. When data is no longer needed, it is deleted. If you end your engagement with us, we follow a clear offboarding process that includes data export and secure deletion.

Your Rights Regarding Your Data

It is your data. You can request a copy of your data at any time. You can ask us to delete it. You can ask us to explain what we have and how it is being used. We will respond to these requests promptly and without pushback. If you choose to leave, your data leaves with you.

Our Commitments

What We Commit To

These are the specific commitments we make to every client. They are not aspirational goals — they are how we operate today.

  • We encrypt your data in transit and at rest on every project.
  • We will never use your business data to train AI models.
  • We will never sell, share, or monetize your data.
  • We will tell you exactly what data your assistant accesses and why.
  • We will notify you promptly if a security incident affects your data.
  • We will respond to data access and deletion requests within a reasonable timeframe.
  • We will be honest about what we can and cannot guarantee — no misleading security claims.
  • We design with established security frameworks in mind, and we will be transparent about which specific certifications we hold and which we do not.

These commitments apply to all engagement types. Managed hosting clients receive additional protections including active monitoring, automated backups, and priority incident response.

FAQ

Questions We Get Asked

No. We do not use your business data to train AI models. Your data is used solely to operate your assistant — processing the tasks you have configured it to handle. It is not shared with third parties for model training purposes.

For managed hosting clients, data is stored on reputable cloud infrastructure providers with encryption at rest. For self-hosted clients, data remains on infrastructure you control. We can discuss specific hosting arrangements and geographic requirements during the discovery phase.

Access is limited to the specific team members working on your project, and only when necessary for building, deploying, or supporting your assistant. We follow least-privilege principles, meaning no one gets access they do not need. We can provide details about our access policies during your onboarding.

If you end your engagement, we work with you to export or delete your data according to your preferences. For managed hosting clients, we follow a clear offboarding process that includes data return and secure deletion within an agreed timeframe. You will not have to chase us to get this done.

We design our systems with established security frameworks in mind, but we do not currently hold formal SOC 2 or HIPAA certifications. We believe in being honest about this rather than making vague compliance claims. If your business has specific regulatory requirements, we will discuss them during discovery and be upfront about what we can and cannot support.

Your assistant connects to the specific tools and services you already use — your CRM, email, calendar, accounting software, and so on. During the build phase, we document every integration and third-party connection so you know exactly where your data flows. We do not add undisclosed integrations.

Important Notes

The security practices described on this page reflect how we approach every project. However, no system is 100% secure, and we do not guarantee that security incidents will never occur. What we do guarantee is that we will handle your data responsibly, respond to incidents honestly, and continuously work to improve our practices.

AI assistants process business data to perform their configured tasks. While we implement safeguards to prevent errors, AI systems can produce unexpected outputs. We recommend human review for critical business decisions and sensitive data handling. Clients are responsible for reviewing assistant outputs in high-stakes contexts.

Specific security configurations, data handling procedures, and retention policies are documented in your project agreement. The information on this page provides a general overview and does not replace the terms of your individual contract.

Security Questions?

Have Security Questions? Let's Talk.

We are happy to walk you through our security practices in detail, discuss your specific compliance needs, or answer any questions about how we handle data. No sales pressure — just honest answers.