Trust Center
Security, compliance, and transparency are at the core of everything we build. This Trust Center provides visibility into our security posture, compliance certifications, and operational commitments.
Security Measures
Multi-layered security protecting your AI governance infrastructure
Data Encryption
TLS 1.3 in transit, AES-256 at rest
Access Control
Role-based access control (RBAC) with least privilege
Continuous Monitoring
24/7 security monitoring and anomaly detection
Audit Logging
Immutable logs with SIEM export capability
Zero Data Hosting
Your data never leaves your cloud environment. ConvoAI is a pure SaaS control plane—we manage governance policies and audit trails, but your documents and models remain in your AWS, GCP, or Azure infrastructure.
Compliance Certifications
Built for regulated industries with enterprise-grade compliance
SOC 2 Type II
In Progress
Trust Service Criteria compliance (Security, Availability, Confidentiality)
- Annual audits by independent third party
- Continuous control monitoring
- Audit reports available to enterprise customers
HIPAA Compliance
Ready
Health Insurance Portability and Accountability Act readiness
- Business Associate Agreement (BAA) available
- PHI safeguards and access controls
- Breach notification procedures
GDPR Compliance
Active
EU General Data Protection Regulation compliance
- Data sovereignty (EU region support)
- Right to erasure and data portability
- DPA available for EU customers
NIST AI RMF
Aligned
AI Risk Management Framework alignment
- Govern, Map, Measure, Manage functions
- AI risk assessment procedures
- Continuous AI monitoring
Uptime & Reliability
Enterprise-grade availability with transparent SLAs
Multi-Cloud Redundancy
ConvoAI deploys across multiple availability zones in AWS, GCP, and Azure. If one cloud provider experiences an outage, your governance infrastructure remains operational.
Incident Response
Transparent communication and rapid response to security events
Detection
Automated monitoring and alerting for security anomalies
Response
Incident response team mobilized and customers notified
Breach Notification
GDPR-compliant breach notification procedures
Report a Security Vulnerability
We take security seriously. If you discover a vulnerability, please report it responsibly.
security@convoai.com
Privacy Commitments
Your data privacy is non-negotiable
Zero Training Data Use
Your documents and queries are never used to train AI models. ConvoAI enforces strict data isolation between tenants and never shares customer data with model providers.
Data Sovereignty
Choose where your data resides—US, EU, or other regions. Your documents stay in your cloud account, ensuring compliance with local data residency requirements.
Right to Deletion
Delete your data anytime with one click. We provide immediate data deletion with cryptographic proof of erasure for GDPR compliance.
Data Portability
Export all your governance metadata, audit logs, and usage analytics in machine-readable formats (JSON, CSV) anytime.
Questions About Our Security?
Our security team is here to answer your questions and provide detailed documentation.