
Security at ChatOrAI

We take the security of your business data and your customers' conversations seriously. Here's how we protect everything entrusted to us.


Encryption

  • ✓ All data in transit encrypted with TLS 1.3
  • ✓ Data at rest encrypted with AES-256
  • ✓ JWT tokens signed with HS256 and rotated regularly
  • ✓ API keys stored encrypted, never logged

Infrastructure

  • ✓ Hosted on Railway with isolated containers
  • ✓ CDN and DDoS protection via Cloudflare
  • ✓ Automatic backups every 24 hours
  • ✓ Zero-downtime deployments

Access Control

  • ✓ Role-based access control (RBAC) across all accounts
  • ✓ Each client's data is tenant-isolated
  • ✓ Admin access requires MFA
  • ✓ All access events are logged and auditable

Compliance

  • ✓ GDPR-aligned data handling practices
  • ✓ Data Processing Agreements available on request
  • ✓ Meta platform policies strictly followed
  • ✓ Regular internal security reviews

Testing & Monitoring

  • ✓ Continuous monitoring for anomalies and threats
  • ✓ Automated vulnerability scanning in CI/CD pipeline
  • ✓ Incident response plan with <2h SLA
  • ✓ Security patches applied within 24 hours of disclosure

Transparency

  • ✓ Public status page at chatorai.com/status
  • ✓ Incident postmortems published within 48 hours
  • ✓ Security changelog maintained
  • ✓ Responsible disclosure program active

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please email us at security@chatorai.com with a description of the issue.

We commit to: acknowledging your report within 24 hours · providing a timeline for a fix within 72 hours · not pursuing legal action against good-faith researchers.

For security concerns or questions, contact us at security@chatorai.com. For general privacy questions, see our Privacy Policy.