Trust Center
Security, compliance, and transparency are at the core of everything we build. This Trust Center provides visibility into our security posture, compliance certifications, and operational commitments.
Security Measures
Multi-layered security protecting your AI governance infrastructure
Data Encryption
TLS 1.3 in transit, AES-256 at rest
Access Control
Role-based access control (RBAC) with least privilege
Continuous Monitoring
24/7 security monitoring and anomaly detection
Audit Logging
Immutable logs with SIEM-ready delivery patterns
Zero Data Hosting
Your data never leaves your cloud environment. ConvoAI is a pure SaaS control plane—we manage governance policies and audit trails, but your documents and models remain in your AWS, GCP, or Azure infrastructure.
Compliance Certifications
Built for regulated industries with enterprise-grade compliance
SOC 2
In ProgressTrust Services Criteria readiness program
- Annual audits by independent third party
- Continuous control monitoring
- Audit reports available to enterprise customers
HIPAA Readiness
ReadyHealth data protection readiness support
- Business Associate Agreement (BAA) available
- PHI safeguards and access controls
- Breach notification procedures
GDPR Support
ReadyEU data protection support controls
- Data sovereignty (EU region support)
- Right to erasure and data portability
- DPA available for EU customers
NIST AI RMF
AlignedAI Risk Management Framework alignment
- Govern, Map, Measure, Manage functions
- AI risk assessment procedures
- Continuous AI monitoring
Uptime & Reliability
Enterprise-grade availability with transparent SLAs
Multi-Cloud Redundancy
ConvoAI supports governed operation across AWS, GCP, and Azure with tier-based provider enablement and enterprise deployment patterns.
View Live Status PageIncident Response
Transparent communication and rapid response to security events
Detection
Automated monitoring and alerting for security anomalies
Response
Incident response team mobilized and customers notified
Breach Notification
GDPR-aligned breach notification procedures
Report a Security Vulnerability
We take security seriously. If you discover a vulnerability, please report it responsibly.
security@convoai.comPrivacy Commitments
Your data privacy is non-negotiable
Zero Training Data Use
Your documents and queries are never used to train AI models. ConvoAI enforces strict data isolation between tenants and never shares customer data with model providers.
Data Sovereignty
Choose where your data resides—US, EU, or other regions. Your documents stay in your cloud account, ensuring compliance with local data residency requirements.
Right to Deletion
Data deletion requests are supported through governed workflows and documented evidence procedures.
Data Portability
Export all your governance metadata, audit logs, and usage analytics in machine-readable formats (JSON, CSV) anytime.
Questions About Our Security?
Our security team is here to answer your questions and provide detailed documentation.