Security & Privacy
Bank-grade encryption, strict tenant isolation, and zero AI model training on your customer data. Here's how we keep your store safe.
Every API key, credential, and session token is encrypted at rest and in transit, with per-project keys. Nothing is stored in plain text.
Customer conversations and store data are never used to train AI models. We don't sell, rent, or share your data. Full stop.
The chat widget loads only on approved domains, authenticates sessions with signed nonces, and blocks abuse with rate limits.
Four roles: Owner, Admin, Technical Specialist, Chat Supervisor. Supervisors can be limited to specific stores.
Practices
The technical practices we follow on every line of code, every database write, and every API call.
AES-256-GCM with per-project keys. Database backups encrypted at the volume level. Secrets stored in a hardened vault, never in code.
TLS 1.3 across every public endpoint. HSTS blocks HTTP downgrade attacks. Auth cookies set Secure, HttpOnly, SameSite to mitigate XSS and CSRF.
Dashboard JWTs in HttpOnly cookies. Widget sessions chain 5-minute HMAC tokens, nonces, and device-bound JWTs. SAML SSO and MFA available.
Postgres Row-Level Security policies on every table. Organization and project scoping enforced in the database, not just the app.
Per-IP and per-session rate limits on every public endpoint. Widget bootstrap nonces are single-use and expire in 60 seconds. Automatic lockouts on credential abuse.
Every administrative action (config changes, role updates, refund approvals, ticket transitions) is logged with actor, timestamp, and full diff.
Daily encrypted backups with 30-day retention. Point-in-time recovery for the production database. Restore procedures documented and validated periodically.
Published security@egentify.com address for responsible disclosure. We acknowledge reports within 48 hours and patch critical issues within 7 days.
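To make the widget session practice above concrete (single-use bootstrap nonces that expire in 60 seconds, exchanged for 5-minute HMAC tokens), here is an added sketch; it is not Egentify's code. The class name WidgetAuth, the in-memory nonce store, and the token layout are assumptions for illustration, and device-bound JWTs are not modelled.

```python
import base64, hashlib, hmac, json, secrets, time

NONCE_TTL = 60    # seconds a bootstrap nonce stays redeemable (figure from the page)
TOKEN_TTL = 300   # seconds an HMAC session token stays valid (5 minutes, from the page)

class WidgetAuth:
    """Hypothetical server-side helper, written for this example only."""

    def __init__(self, key: bytes, now=time.time):
        self._key = key
        self._now = now       # injectable clock so expiry can be tested
        self._nonces = {}     # nonce -> expiry; assumption: a real service would
                              # use a shared store with an atomic delete

    def issue_nonce(self) -> str:
        nonce = secrets.token_urlsafe(32)
        self._nonces[nonce] = self._now() + NONCE_TTL
        return nonce

    def redeem_nonce(self, nonce: str, session_id: str):
        # pop() removes the nonce on the first attempt, valid or not,
        # so a replayed or expired nonce can never be redeemed later.
        expiry = self._nonces.pop(nonce, None)
        if expiry is None or self._now() > expiry:
            return None
        claims = {"sid": session_id, "exp": int(self._now()) + TOKEN_TTL}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return f"{body.decode()}.{self._tag(body)}"

    def _tag(self, body: bytes) -> str:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def verify(self, token: str):
        body, _, tag = token.partition(".")
        expected = self._tag(body.encode())
        # Constant-time comparison; the body is parsed only after the tag checks out.
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        if self._now() >= claims["exp"]:
            return None
        return claims

if __name__ == "__main__":
    auth = WidgetAuth(secrets.token_bytes(32))
    nonce = auth.issue_nonce()
    token = auth.redeem_nonce(nonce, "constructed-session-1")
    print("first redeem:", token is not None)
    print("replayed nonce:", auth.redeem_nonce(nonce, "constructed-session-1"))
    print("claims:", auth.verify(token))
```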
FAQ
Need a security questionnaire, a Data Processing Agreement, or to talk to our team about a specific control?
Contact security
We are not currently SOC 2 certified. We follow SOC 2 Type II practices internally and plan formal certification once we cross the customer threshold that warrants the audit cost. Until then, we publish detailed security practices and answer security questionnaires for enterprise customers.
Customer data lives in managed Postgres in US-East. Backups stay in the same region. Tenant isolation is enforced at the database layer via Postgres row-level security policies.
No. Customer conversations and store data are never used for training. We use OpenAI's API with explicit data-retention opt-out, so prompts are not used to improve their models either.
Internal access is restricted to a small set of engineers with audited, time-bound access via SSO + MFA. Production access requires a documented incident or support escalation, and every read or write is logged.
Customer PII (names, emails, phone numbers) is stored encrypted at rest and only used to power your conversations. We don't share PII with third parties beyond the subprocessors listed in our Data Processing Agreement.
Yes. The widget shows a privacy notice on first interaction, supports cookie-free guest sessions, and respects Do Not Track. We provide a signed Data Processing Agreement (the standard GDPR vendor contract) on request for EU customers.
You can export all your data (conversations, tickets, customer summaries) for 30 days after cancellation. After that, all customer-identifying data is deleted from production. Backups containing your data are purged within 90 days.
We follow a written incident response plan. Affected customers are notified within 72 hours of a confirmed breach as required by GDPR, with a follow-up post-mortem published once root cause is determined.
Need a security questionnaire filled out, a Data Processing Agreement, or just want to chat with someone about how we keep your data safe? Drop us a note and we'll get back to you the same day.