Security and Compliance
Chat Aid is built with security and privacy as top priorities. We maintain industry-leading certifications and follow best practices to protect your data.
Security Overview
Your data security is our highest priority:
- 🔒 Encryption - All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
- 🛡️ SOC 2 Type II Certified - Annual third-party security audits
- 🌍 ISO 27001 Certified - International security management standards
- ⚖️ GDPR & CCPA Compliant - Full privacy regulation compliance
- 🔐 Access Controls - Role-based permissions and data isolation
- 📊 24/7 Monitoring - Real-time security monitoring and alerting
Certifications and Compliance
Chat Aid maintains industry-leading security certifications:
SOC 2 Type II ✅
We undergo annual third-party audits to verify our security controls, availability, and confidentiality practices.
Enterprise customers can request our SOC 2 report by contacting security@chataid.com.
ISO 27001 ✅
We're certified to the international standard for information security management systems.
GDPR & CCPA Compliant ✅
We're fully compliant with data privacy regulations including GDPR (EU) and CCPA (California).
Your Data Rights:
- Access your data
- Request deletion
- Export your data
- Correct inaccuracies
- Opt out of data processing
To exercise your rights, contact privacy@chataid.com.
For complete details, see our Privacy Policy.
Data Protection
Where Your Data Lives
All Chat Aid data is stored in secure AWS data centers in the United States (US-East-1 region).
What We Store
- Questions you ask and answers we generate
- Connected data source metadata (not full documents)
- User account information
- Usage analytics
What We Don't Store
- Credit card information (handled by Stripe)
- Passwords in plain text (hashed with bcrypt)
- Full copies of your documents (only embeddings/vectors)
Data Retention
- Active accounts: Data retained for service operation
- After cancellation: Data permanently deleted within 1 month
- Cold backups: Limited data kept for up to 1 year for disaster recovery only
See our Privacy Policy for complete details.
Privacy
How We Use Your Data
We use your data only to provide Chat Aid services:
- Generate AI-powered answers to your questions
- Improve answer quality and relevance
- Provide customer support
- Analyze usage to improve features
What We Never Do
- ❌ Sell your data to third parties
- ❌ Train external AI models with your data
- ❌ Share with advertisers
- ❌ Use for unrelated purposes
- ❌ Access your data without permission
Service Providers
We work with trusted partners who meet our security standards and help us operate Chat Aid.
For a complete list, see our Sub-processors page.
Security Practices
Infrastructure
- AWS Cloud - Enterprise-grade infrastructure
- Automated Backups - Regular backups with disaster recovery
- DDoS Protection - Protection against attacks
- 24/7 Monitoring - Real-time security monitoring and alerts
Application
- Secure Development - Code reviews and security testing
- Regular Updates - Security patches and vulnerability management
- API Security - Authentication, rate limiting, and validation
- Penetration Testing - Regular third-party security assessments
Access Control
- Least Privilege - Employees only access data they need
- Background Checks - All employees are background checked
- Audit Logging - All data access is logged and monitored
- MFA Required - Multi-factor authentication for all staff
For technical details, visit security.chataid.com.
Incident Response
We have comprehensive incident response procedures:
- Rapid Detection - 24/7 automated monitoring
- Quick Response - Immediate containment and assessment
- Transparent Communication - Notify affected customers within 72 hours
- Continuous Improvement - Learn from every incident
Report Security Issues: Email security@chataid.com for security concerns or vulnerabilities.
Your Security Responsibilities
Help keep your account secure:
Account Security:
- Use strong, unique passwords
- Don't share credentials
- Log out on shared devices
- Report suspicious activity
Data Management:
- Only connect necessary data sources
- Review integrations regularly
- Remove former employees promptly
- Use appropriate team roles
Team Management:
- Audit user access periodically
- Disconnect unused integrations
- Monitor team membership
Frequently Asked Questions
Is my data safe with Chat Aid?
Yes. We use enterprise-grade encryption, maintain SOC 2 and ISO 27001 certifications, and follow security best practices. Your data is encrypted in transit and at rest.
Can Chat Aid employees see my data?
Only authorized personnel with a legitimate business need can access customer data, and all access is logged and monitored.
Do you train AI models on my data?
No. We never use your data to train any AI models or share it with third parties. Your data is used only to provide Chat Aid services to you.
Where is my data stored?
Data is stored in AWS US-East-1 (Virginia) data centers.
What happens when I cancel my account?
All your data (except cold backups) is permanently deleted within 1 month of cancellation.
Additional Resources
For detailed security and compliance information:
- Security Documentation: security.chataid.com
- Privacy Policy: chataid.com/privacy
- Terms of Service: chataid.com/terms
- Sub-Processors: chataid.com/sub-processors
Contact
Security Issues: security@chataid.com
Privacy Requests: privacy@chataid.com
General Support: support@chataid.com
For SOC 2 reports or detailed compliance documentation, visit security.chataid.com.